From Xbox and Arby’s to Yahoo, Equifax, Uber and more, cybercrime has spread like wildfire across the consumer landscape this year.
In fact, 2017 will go down as another record year for data breaches. According to Accenture, cybercrime incidents are up 27 percent in 2017, with the average business grappling with 130 successful breaches. Costs to combat cybercrime are skyrocketing as well – up 23 percent over 2016 levels. By year end, the average U.S. business will have spent a staggering $11.7 million to manage cyberattacks and recover from the disruption.
As alarming as these statistics are, there are measures your credit union can take to strengthen security across systems and data. Here’s what you need to know to protect your credit union and members from cyberattacks in 2018 and beyond.
Focus on Fundamentals
“The biggest issue, hands-down, is distraction,” said Paul Love, chief information security officer for CO-OP Financial Services. “With so many shiny new cybersecurity ‘toys’ on the market, security teams can get distracted from deploying the basics of information security.”
According to Love, credit unions need to ensure that their cybersecurity experts are very selective about implementing disparate tools that address of-the-moment threats. “That’s not to say that some of these one-off solutions don’t have a place,” he said. “Many of them are incredibly well built and do an outstanding job of protecting against the threat for which they were designed. But, what happens, especially for small and even mid-sized organizations, is that the security lead gets pulled in too many directions.”
Complicating matters, he adds, is the reality that many of the disparate tools being offered as solutions are difficult to “plug in” to the credit union enterprise. “It can take a lot of work to integrate and train staff on new software,” said Love. “My advice to security teams, particularly those with limited resources, is to focus on the basics.”
Keep Systems Patched
Love’s number one cybersecurity best practice for credit unions is to make sure systems are patched, and that analysts are getting the necessary alerts from vendors and associations to understand when and how to patch systems.
“Get your firm locked down with some rock-solid identity and access management systems, policies and procedures,” he said. “Make sure passwords are changed on a regular basis as well. These are not the trendy, rock-star initiatives that will blow up your LinkedIn profile, but they are the ones that will keep your credit union the safest.”
Create a Cybersecurity Champion
Love also advises credit unions to place a single employee in charge of information security. “If this task ends up being someone’s secondary job, that employee’s primary job will take precedence, and this is not a good practice,” he said.
He also points to the importance of maintaining consistent policies and standards.
“Applying security consistently across the organization sets the baseline for what the credit union expects from its employees,” he said. “Breaches most often occur out of simple carelessness – for example, when an employee clicks on a phishing email.”
Address Breaches Immediately
To mitigate damages should a breach occur, credit unions should have a formal incident response program in place.
“When a breach is discovered, credit unions need to react quickly, both containing the damages and communicating well with members and the community,” he said. “If you leave your member base speculating on the situation, trust will erode.”
He continued, “Fraud evolves and advances rapidly. Investing in security infrastructure, including neural networks and machine learning fraud detection tools, is critically important. But it is also important to teach members how to be responsible with cards and accounts.”
To that end, Love recommends making security tips available to members in the branch and on the credit union website. He also advises credit unions to encourage members to freeze their credit, subscribe to a third-party monitoring solution, and download a mobile security app for card controls and alerts.
“Involving members in the fight inspires their loyalty and shows them that you are watching out for them,” he said.