If your credit union has been paying attention, then you should already know that October is Cybersecurity Awareness Month. Sponsored by the Cybersecurity Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), the annual event is in its 18th year and continues to help individuals and businesses raise awareness about the importance of cybersecurity in the present age.
For credit unions (CUs), cybersecurity has become increasingly important over recent years. As more and more members opt for digital banking options, credit unions must take extra precautions to protect their member’s personal information and finances from security breaches and cyberattacks. One of the best ways to get started is to have your CU’s employees participate in Cyber Security Awareness Month to learn more about how you can protect your credit union and members from cybersecurity threats.
Steps your credit union can take to enhance your cybersecurity
As the world adapts to more and more digital technologies, the threat of cyberattacks continues to grow. In fact, according to the Information Systems Audit and Control Association (ISACA), cyberattacks are the fastest growing crime in the United States, and damages related to cybercrimes are expected to reach 6 trillion USD by 2021.
This means that credit unions who fail to pay attention and provide top-quality cybersecurity for their members risk losing money, members, and in the worst-case scenario, their businesses. Fortunately, this week for Cyber Security Awareness Month, there will be several events for credit union teams and members to participate in to learn more about how they can stay safe online.
Listed below are a few tips for credit unions and members to stay safe from online attacks.
- Passwords: Creating strong passwords is crucial for cybersecurity. The longer the password, the more difficult it is for hackers to crack or reverse engineer. It’s also important not to use actual words, and to refrain from using personal information or formulas that could easily be guessed. Since it’s not always easy to remember long passwords, it’s a good idea for individuals to use a password manager. Credit unions should educate their members by providing information about how to create passwords that cannot be hacked.
- For CUs that manage user password accounts: Besides educating members about password safety, it’s also important for CUs to have security measures in place that require strong passwords. You can set character limits between 8 and 64 characters, and use a blocklist that bars members from using common, easy-to-guess passwords. Research has shown, however, that making rules about the types of characters that must be used often frustrates members and results in them making weak passwords just to satisfy the system’s requirements. If there’s been a security breach, then you should ask members to change their passwords. However, having them change passwords too frequently can also lead to the creation of weak passwords. Also, credit unions should be ready for both online and offline attacks by using a rate-limiting mechanism to stop repeated guesses of passwords, and by storing passwords safely so that hackers can’t exploit the authentication database. Requiring safe passwords and not over-frustrating your members with requirements can be a delicate balance, but one that’s important for CUs to maintain.
- Multifactor authentication: Making use of this technology is a great way to prevent cybersecurity breaches. Multifactor or two-step authentication uses a combination of passwords and/or biometric verification across multiple devices, such as a user’s computer and mobile device. This means for an attacker to be successful, they not only have to obtain a user’s password or biometric authentication, but they also have to steal the user’s mobile phone or security token. One example of a multifactor authentication system involves sending user’s a unique code via text message that they would then use along with their regular password to enter their account. Although it can be a slight inconvenience for members, multifactor authentication greatly enhances user account security.
- Phishing attacks: This type of cyberattack has been around for decades and is one of the most overlooked and commonly used attacks on credit union members and other individuals. These attacks involve fraudulent emails that trick users into providing login or other important information. Because these emails are designed to appear like they come from credible sources, they are often difficult for members to identify. Credit unions should train their employees to identify phishing attacks and also encourage members to report any emails or messages they receive that are suspicious.
This week during CISA’s Cybersecurity Awareness Month, there are several educational events that discuss various themes related to cybersecurity where your credit union can explore, experience and share ideas and important information about cybersecurity awareness. For more information about what’s going on this week and throughout the month of October in Cybersecurity Awareness Month, click here.
Enhancing your cybersecurity with a credit union core provider
Choosing the right credit union core provider to run your CU’s digital platform is also another way you can beef up your cybersecurity. With FLEX core technology, you can run a seamless core processing system and digital banking platform that employs a multifaceted security system aimed at keeping your credit union and its members safe from cyberattacks. At FLEX, we use a multi-layered approach to protect sensitive data and repel malicious attacks from outside and inside your network.
For more detailed information about how FLEX can help your credit union protect your data and that of your members, download our free Security Services eGuide today. We look forward to helping your credit union build a safe, secure, and seamless digital platform.