Volunteer Corporate Credit Union
Nashville, Tennessee - Photo Courtesy of Barry Shulam
   Home ι Sitemap ι Contact
Music City, U.S.A.
September/October 2017 Issue: Front Page > Industry Info

Industry Info
Are Your Cybersecurity Efforts Akin to “Whack-a-Mole”?
What You Need to Know
Whack-a-Mole With Cybersecurity in an ongoing arms race and threats evolving constantly, are your cybersecurity efforts akin to the game, “Whack-a Mole”? Exposures can significantly impact your credit union, so it’s important to be aware of the latest cyber-trends. Here are six trends to watch out for:
  1. Malware – short for “malicious software” is an umbrella term referring to a variety of forms of hostile or intrusive software. This type of software includes computer viruses, worms, Trojan Horses, ransomware, spyware, adware and other malicious programs. Malware is defined by its malicious intent, acting against the requirements of the computer user.

  2. Ransomware – (a form of Malware) is malicious software that can restrict access to credit union files, threaten disruption or cause permanent destruction unless a ransom is paid. According to one security expert, ransomware strikes small, financially-related businesses at a rate 8 times higher than that of larger financial organizations. Why? Because large financial institutions are getting better at protecting themselves, causing the threat to smaller organizations (like credit unions) to become that much greater.

  3. Distributed Denial of Service Attacks – these types of cyber-attacks are increasing in both frequency and sophistication. Hackers use these types of attacks to overwhelm a system with data in an attempt to prevent users from accessing their information. This means your credit union members who attempt to access your credit union’s website/secure portal wouldn’t be able to do so.

  4. The Internet of Things – these are devices with constant connectivity such as virtual personal assistants, Bluetooth headsets etc. and can pose a threat to your credit union. They are susceptible to hacking which can lead to unauthorized access to your network resulting in your credit union’s data being compromised.

  5. Attacks on the Credit Union’s Reputation and Brand – these types of attacks most often involve a takeover of the credit union’s own social media accounts. Frequently, these types of threats can ultimately result in negative propaganda being disseminated creating a wedge between the credit union and its members. Once this has been achieved, regaining the trust of the member can be difficult.

  6. Authorized Access Consideration – it is important to be cognizant of those credit union employees to whom you have given access to “proprietary and confidential” information. It is prudent to consider classifying your data and monitoring those individuals who have authorized access. You might be interested to know that 64% of cyber-attacks originate from within the employee’s own organization and almost this same percentage involve employees stealing proprietary corporate data when they quit or are fired.
So, as credit unions, how do we protect ourselves from these myriad of cyber-threats? Here are a few of the ways that have proven successful in mitigating the risks:
  1. Evaluate Your People, Processes and Technologies – for example, make sure that you are running the most up-to-date software on your system (i.e. install patches in a timely manner and confirm that the passwords you are using are appropriately strong and changed routinely). Update firewalls and routers. The risk is too high to allow patches and firmware updates to slide. Designate a “cybersecurity leader” -- an internal champion within the credit union whose responsibility it is to monitor evolving threats and oversee a plan to protect against them.

  2. Educate and Train Your Employees – it is critical that as credit unions we thoroughly educate our employees about cyber-threats as well as the ways to protect ourselves against them. Cybersecurity education and awareness campaigns must extend to the C-suite as well.

  3. Share Information – consider joining an organization like “The Credit Union Council of Financial Services Information Sharing and Analysis Center”. This is a non-profit group that is comprised of over 7000 financial institutions and is organized and dedicated to not only keeping its members informed on the latest cyber-threats, but also recommending effective actions that can be taken to combat these threats.

  4. Cyber Insurance – another avenue you might also consider pursuing is the purchasing of “cyber insurance”. Options can vary widely and so be sure to carefully review and understand the policy terms and conditions.

  5. Risk Assessments – the NCUA strongly recommends that credit unions and their IT security teams reassess their cybersecurity strategies each year by conducting “risk assessments”. These assessments involve a systematic approach to both identifying and ranking ongoing and new risks and then initiating plans to mitigate the top threats.
Data security breaches have become a serious and costly problem for both consumers and businesses. Credit unions bear a significant burden as they can be susceptible to steep losses when confronted with a breach that affects member safety as well as the soundness of the credit union. In 2015, a NAFCU Survey Report showed that credit unions on average spent $136,000 on data security measures and $226,000 in costs associated with actual data breaches that occurred. No doubt these numbers have increased today.

Despite the fact that many credit unions have implemented sophisticated and effective data security safeguards, hackers continue to adapt to constantly evolving technology and find new ways to penetrate systems. For all of these reasons, it is imperative that credit unions be proactive and make every effort to stay one step ahead of these potential threats versus taking a “Whack-a-Mole" approach.

Note: Next month (October) is “National Cybersecurity Awareness Month” – an excellent opportunity to take stock of your own cybersecurity program.

 Back to Front Page...

Your savings federally insured to at least $250,000
and backed by the full faith and credit of the United
States Government. National Credit Union Administration,
a U.S. Government Agency.

America's Credit Unions