Cyber Attack Preparedness for Credit Unions

The Federal Financial Institutions Examination Council (FFIEC) recently released advice about ways that financial institutions can identify and mitigate cyber attacks that compromise user credentials or use destructive software, known as malware. In addition, the FFIEC provided information on what institutions can do to prepare their cybersecurity to respond to these threats.

Cyber attacks have increased in frequency and severity over the past two years. The attacks often involve the theft of credentials used by customers, employees, and third parties to authenticate themselves when accessing business applications and systems. Cyber criminals can use stolen credentials to commit fraud or identity theft, modify and disrupt information system, and obtain, destroy, or corrupt data. Also, cyber criminals often introduce malware to business systems through e-mail attachments, connecting infected external devices, such as USB drives, to computers or networks, or by introducing the malware directly onto the business systems using compromised credentials.
In accordance with FFIEC guidance, credit unions should:

• Securely configure systems and services;
• Review, update, and test incident response and business continuity plans;
• Conduct ongoing information security risk assessments;
• Perform security monitoring, prevention, and risk mitigation;
• Protect against unauthorized access;
• Implement and test controls around critical systems regularly;
• Enhance information security awareness and training programs; and
• Participate in industry information-sharing forums, such as the Financial Services Information Sharing and Analysis Center.

Remember the widespread hack of Target user’s credit card credentials? FLEX was prepared. We are equipped for immediate response to cyber attacks. We put security as a top priority in all of our offerings. Take for example our FLEX Mobile Apps that are secure to protect both your credit union and your members.