February 23, 2017

Five Emerging Risks and How to Mitigate Them

By Joe Luedke, Risk Consultant – Emerging Risks, Risk & Compliance Solutions



With each technological advance emerges new risk. Think about it: Every technology upgrade, new mobile device and new payment method brings exposure that wasn’t identified previously.

The real threat occurs when these risks aren’t anticipated or communicated within your organization. Here are five emerging risks every credit union should have on their radar right now:


  1. Social media.
    Employees posting comments on social media that are inaccurate or appear incomplete or disparaging can threaten your organization’s reputation. Be careful when taking disciplinary action, as the National Labor Relations Board can classify social media activity as “protected concerted activity.” Mistakes here can lead to retaliation, wrongful termination claims and expensive litigation.

  2. Internet of Things (IoT) era.
    The IoT offers new tools and technologies that provide constant connectivity. It also creates new opportunities for data compromises. Workplace devices – like printers, clocks, break room appliances and TV – and employee devices – like watches, Bluetooth headsets and fitness trackers – are all susceptible to hacking, which can lead to unauthorized access to your network.

  3. Bitcoin and blockchain.
    Members may already use bitcoin and blockchain for fast and unregulated transactions, sometimes associated with nefarious activity. Unfortunately, about a third of bitcoin trading platforms are hacked.

  4. Ransomware.
    Today’s phishing attacks can restrict access to files and threaten disruption or permanent destruction of sensitive information unless a ransom is paid. Ransoms can range from hundreds to thousands of dollars, and they are typically payable in bitcoin.

  5. SMiSHing and website spoofing.
    As demand for mobile access grows, members don’t think twice when they receive texts claiming to be from their credit union. These fraudulent texts can infuse malware or redirect members to spoofed websites that allow fraudsters to capture or confirm personal or account information.

Credit unions must be ready to deal with emerging risks like these, while still tending to familiar threats. So, the bottom line is, don’t be complacent. Start implementing basic steps – like the following – today, so you don’t fall victim:

  • Educate staff and members about spam, shams and other scams. Ensure they understand how to identify fraud. Teach them what to click and what not to click and how to use proper technology etiquette to keep themselves – and your credit union – out of harm’s way.

  • Stay in the loop, as executive involvement is critical to success. Remember, when risk management is effective, nothing bad typically happens and the status quo is maintained. But, when you’re blindsided by a problem, poor risk management usually takes the blame.

  • Follow a process that includes risk mapping matrices, risk heat maps and process mapping to help uncover potential risks, quantify their potential impact and keep leadership aware.

  • Implement risk and compliance best practices, including policies and procedures to reduce potential loss. A number of great resources in the credit union marketplace are available to help, including those in our Protection Resource Center.

As technology continues to evolve, risks will continue to emerge. So, do your best to visualize, track and communicate risk at your credit union. Once you identify an emerging risk, you can begin taking action to mitigate it.

Learn more about emerging risks by watching our recent webinar with NAFCU, titled “Emerging Risks on the Radar.”

Note: This post originally appeared via the NAFCU Services Blog.