October is National Cyber Security Awareness Month, a time for credit unions to take a closer look at how they are protecting systems and data while raising awareness for the growing threat of cyber breaches. The recent Equifax breach has taught us all just how important and serious cyber security awareness is at both the employee and member level.
To kick off Cyber Security Awareness Month, we caught up with Paul Love, chief information security officer for CO-OP Financial Services, to get some tips and advice for credit unions when it comes to cyber security.
“Credit unions have a special relationship with members that other financial institutions don’t enjoy,” said Love. “They have trust. Our members are expecting their information to remain safe and secure, and we have an obligation to ensure protection at the levels they expect.”
According to Love, many breaches occur when organizations get careless about their basic security policies and practices.
“There are very few hacks that occur in the way movies sensationalize these events,” he said. “Most of the time, securing data gets down to fundamentals. For example, an employee clicks on a phishing e-mail, or a system goes unpatched.”
For credit unions, Love says, the most common threat right now is account takeovers.
“Criminals committing this type of fraud have moved from larger banks to mid-size and small financial institutions because they assume smaller organizations are not making the same investments in security,” he said.
Another trend on the rise is for cybercriminals to steal the identities of minors.
“Thieves focus on people under 18 because they have clean credit records,” he said. “I have seen instances where a college student applies for credit only to find out that he or she has multiple mortgages.”
Create a Cyber Security Champion
To protect members against these kinds of threats, Love advises credit unions to place a single employee in charge of information security.
“Having one person who is responsible for information security is an essential first step,” he said. “If this task ends up being someone’s secondary job, that employee’s primary job will take precedence, and this is not a good practice.”
He also points to the importance of having consistent policies and standards in place.
“Applying security consistently across the organization sets the baseline for what the credit union expects from its employees,” he said. “The right controls need to be implemented as well, including patching programs to keep systems up to date. If you have good defenses in place, you are less likely to be targeted.”
Love also recommends maintaining a formal incident response program, and training employees on this program.
“If a breach occurs, credit unions need to react quickly, both containing the damages and communicating well with members and the community,” he said. “If you leave your member base speculating on the situation, trust will erode.”
He continued, “Fraud evolves and advances rapidly. Investing in updated security technologies, such as neural networks and machine learning fraud detection tools, is critically important. But it is also important to teach members how to be responsible with cards and accounts.”
To that end, Love recommends making security tips available to members in the branch and on the credit union website. He also advises credit unions to encourage members to freeze their credit, subscribe to a third-party monitoring solution, and download a mobile security app for card controls and alerts.
“Involving members in the fight inspires their loyalty and shows them that you are watching out for them,” he added.
For more information on how to protect your credit union and member data, register for February’s FraudBuzz webinar.