If your credit union has been paying attention, then you should already know that October is Cybersecurity Awareness Month. Sponsored by the Cybersecurity Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), the annual event is in its 18^th year and continues to help individuals and businesses raise awareness about the importance of cybersecurity in the present age.

The increased use of digital technology around the globe over the past couple of years has also led to an increase in cyberattacks--particularly phishing. Phishing refers to when a malicious actor sends fraudulent emails or messages with the intent of stealing your personal information and/or money. Since credit unions have access to both the personal information of their members and their money, it makes them ripe targets for phishing and other types of attacks online.

For week two of Cybersecurity Awareness Month, the Cybersecurity & Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) will be focusing their energy on phishing attacks. Themed “Phight the Phish!,” the week aims to spread awareness and reduce the risk of phishing attacks on individuals and businesses across the nation. Because credit unions are responsible for guarding both sensitive information and the money of members, it’s important to prepare for phishing attacks and understand how to prevent them and respond appropriately if one occurs.

As the world trends towards more and more digital solutions, there is an ever-increasing risk of individuals and businesses being exposed to cyberattacks. A cyberattack refers to the attempt to steal, disable, expose or destroy information illegally through unauthorized access to computer systems, and when cyberattacks succeed, they can be extremely dangerous and costly to whomever suffered the attack. Because of the clear danger of cyberattacks, it’s crucial that individuals and institutions like credit unions that rely heavily on digital infrastructures take the appropriate measures to protect themselves and their members.

Grants can provide the boost a credit union needs to address those undervalued or overly costly issues they might not have the funds to cover otherwise, particularly so in low-income areas. The Community Development Revolving Loan Fund (CDRLF) grant makes it a priority to identify specific areas of credit union operations that are likely underfunded in low-income areas and designates monies to these initiatives. For 2021, the CDRLF outlined cybersecurity as one of these initiatives and it couldn't be more timely.

In 2020, the pandemic forced many of us to change how we do business and to do it fast. As state-issued lockdowns caused brick-and-mortar businesses to close their doors and people turned to digital solutions, such as e-commerce and digital wallets for everyday transactions, many credit unions around the country were forced to enhance their digital services and make big changes to how they operate.

Consumers are filled with expectations of service providers that are often at odds with each other. They want service to be both expedient, but thorough. They want customer service interactions that are friendly, but formal. They want to have attention paid to them, but not too much. They want access to be convenient, but they demand that access be secure. Convenience and security, especially in the financial sector, require a delicate balance. The more you increase security measures, the less convenient a process becomes. But make a process too convenient by reducing security measures and you put both the user and the service provider at risk. It is this balance that credit unions must achieve to be successful.

Cyber security restrictions and regulations have been tightening as procedures become increasingly reliant on technology. In the past several years, the financial services industry has endured more than a few data breaches. In 2016, credit unions and banks with less than $35 million in assets accounted for 81% of hacking and malware breaches. The aftermath of these incidents has led to stricter policies and higher expectations for member data security. Credit unions have been working to build a culture of cyber security that is ingrained in every stage of data storage and transit including in-branch and over networks. The National Cyber Security Alliance outlines a recommended process for identifying, protecting and detecting potential security risks, but it is equally important to have a plan in place should a breach occur. Here are some considerations for responding to and recovering from cyber security scares.

There are a lot of considerations for any organization going through a merger. It takes cooperation and patience to combine cultures, assets and staff during a merger, but for credit unions, the effect on members is a major factor to keep at the forefront. Members often come to credit unions to experience a better value through more customization, better service and a more personal banking experience. A merger might be unsettling for members, so it’s important to reassure them that their experience will not be negatively impacted by the changes a merger will bring. To actually follow through on that, maintaining a tight lock on member information and data will be essential. Here are some tips regarding member data security that credit unions should know when embarking on a merger.