Wednesday, October 5, 2016

Three Ways to Tune-Up Your Credit Union’s Cybersecurity

Cybersecurity is an ongoing arms race, with threats evolving constantly. These days, it isn’t a matter of if a credit union will be the victim of a cyberattack; it’s a matter of when.

Breaches bring many risks to the forefront, spanning credit unions’ financial, compliance and legal departments. A breach can also impact reputation by leading to erosion of members’ trust in your credit union. So, being prepared is critical.

As October is Cybersecurity Awareness Month, here are three ways to tune-up your credit union’s cybersecurity.

  1. Set up a first round of defense. Ensure your credit union has a strong first round of defense by layering different types of protections. Start by setting up a firewall, making sure your antivirus/malware protections are up-to-date and implementing robust spam, web and email filters. Also, consider adding an intrusion detection system (IDS) or intrusion prevention system (IPS) to your arsenal. These are designed to detect suspicious network traffic and send alerts to the system administrator.

    After adding these protective layers, check that your data is encrypted no matter where it’s located – on the network, mobile devices and backup tapes/disks or as it’s transmitted over the Internet and in emails.

  2. Transform your staff into a cybersecurity asset – instead of a liability. Human error is a factor in over half of data breaches. Internal theft, lost or improper disposal of data or employee negligence – like opening and clicking on phishing emails – can all lead to breaches.

    Address the importance of information security by training new employees when they're hired, and continue this through the year (at least annually). Your goal should be to change employee behavior to reinforce good data security practices, particularly in the area of handling sensitive member data and in phishing and malware. Some example training topics could include incident response plans, user passwords, malware, email security and/or encryption. An effective cybersecurity awareness training program can make your employees more of an asset, rather than a liability, when it comes to data security.

  3. Refresh and review best practices often. With new threats presenting themselves all the time, it’s extremely important to continuously evolve your security. Conduct analyses like vulnerability assessments, penetration testing (or “friendly hacking”) and third-party network security reviews at least annually. Proactive measures like these allow you to identify and patch vulnerabilities in your current set-up.
Interested in learning more about the vulnerabilities impacting your credit union and protections against breaches? Log into our Protection Resource Center* to watch our latest webinar, titled “Understanding Cybersecurity Vulnerabilities and Protections,” featuring Randal L. Gainer, Partner, BakerHostetler, and Ken Otsuka, Risk Management Senior Consultant, CUNA Mutual Group.

Also, keep an eye out for more risk management insights on our blog, or tune into our Credit Union Protection webinars, provided exclusively to our Bond policyholders.

*Bond policyholders only