Cyber security restrictions and regulations have been tightening as procedures become increasingly reliant on technology. In the past several years, the financial services industry has endured more than a few data breaches. In 2016, credit unions and banks with less than $35 million in assets accounted for 81% of hacking and malware breaches. The aftermath of these incidents has led to stricter policies and higher expectations for member data security. Credit unions have been working to build a culture of cyber security that is ingrained in every stage of data storage and transit, both in-branch and over networks. The National Cyber Security Alliance outlines a recommended process for identifying, protecting and detecting potential security risks, but it is equally important to have a plan in place should a breach occur. Here are some considerations for responding to and recovering from cyber security scares.
Having a recovery plan in place before cyber disaster strikes is critical. While a stringent cyber security protocol will likely prevent any breaches from happening, even the most robust programs are not completely safe from attack. Being prepared to respond will help your credit union work through security incidents with more confidence. Immediately following a cyber security breach, the first step is to disconnect affected networks and computers to take them offline, and then to contact IT professionals or vendors to help assess the situation. Also, contact your credit union’s legal representation to begin addressing any implications resulting from the attack. Having "stand-in" options available will also be helpful in a security crisis because your credit union will be able to continue operations as usual, albeit more slowly. Finally, ensure your credit union is familiar with state data security laws, and notify the necessary parties as soon as possible after a breach.
The final stage of a data breach is recovery, and that begins with analyzing the post-breach process. Begin by writing up takeaways from the experience: what your CU did well and what could have been executed better. Then translate these takeaways into improvements for security policies and procedures that will be communicated to your credit union staff and incorporated into the ongoing cyber security program. It can also be beneficial to encourage continuous education and improvement of your credit union’s cyber security knowledge in order to ensure your plan is as effective as possible. Finally, your credit union will need to do some damage control to reaffirm members’ confidence in your CU. Data breaches are a moment of panic not only for your credit union, but for members as well. They will likely need some reassurance that your CU is taking all the necessary steps and precautions where their data is concerned.
A cyber security plan won’t look the same for each and every credit union. Depending on the size of the credit union, different levels of security will be required. However, the process for addressing a data breach is consistent across the board. Being prepared to deal with a cyber security incident is essential even for CUs with extraordinary security protocols already in place. The biggest mistake your CU can make when it comes to cyber security and member data is assuming that you’re safe from attack.