When it Comes to Cybersecurity…Are You Playing Offense or Defense?
in Compliance & Regulatory
By: Nicola Foggie, NJCUL Vice President, Compliance and Regulatory Affairs

When it comes to myself, my family, and my friends, safety and security are top priority. And we’re not alone. The Consumer Banking Experience Index survey has consistently found that consumers rank the safety and security of their personal information as their highest priority in the “banking” experience. Couple that with a constant barrage of data breaches, hacks, and identity theft scams happening around the globe, and being featured in the news these days, entrusting your money and financial security to someone else can be daunting. Members want to feel confident that their credit unions are keeping their private information safe and secure. That begins with credit unions looking inward, ensuring their board of directors, supervisory committee, and senior management are placing a strong focus on cybersecurity.

You really have two choices – wait until you suffer a breach, and then scramble to clean up the mess, or be proactive, and make the credit union a hard target for anyone looking in your direction.

Verizon’s 2018 Data Breach Investigations Executive Summary report

So, where does your credit union stand? Are you sitting back and waiting for cyber-hackers to come your way…playing defense? Or, are you ready to take control of your credit union’s cyber-safety and start playing offense?

Cyber-hackers only need one point of entry to exploit a credit union’s vulnerabilities, which are sometimes the simplest of things, i.e. not enforcing complex passwords, not implementing timely security patches to servers and workstations, and failing to conduct timely security training for employees. Credit unions need to ensure that they have up-to-date cybersecurity information, education, and training to prevent these most basic of attacks. And, if a credit union does not have the internal resources to get the job done, they should look to connect with verified third-party partners that best fit their needs and budget.

Recent industry reports show that credit union membership is growing overall, with new members looking for better interest rates, lower fees, and friendlier service than traditional, for-profit banking institutions. Guess what else they are looking for? A safe and sound institution they can entrust with their personal information and money.

You might think cyber-hackers only go after big banks or the largest of credit unions; however, according to Verizon’s 2018 Data Breach Investigations Executive Summary report, the financial industry as a whole ranks in the top five most likely targets of a social engineering breach. Verizon also reports that nearly 60% of breach victims last year were small businesses — a category into which credit unions certainly fall. Verizon also indicates the motivation behind 76% of the attacks it investigated last year was to steal money or inflict financial damage, an outcome that poses obvious pitfalls for credit unions, in particular. The pressure is on to show that you are taking the steps to properly safeguard members’ information just as effectively as the big banks do for their customers.

Going beyond the basic attacks, recent studies show many organizations are underprepared for the surge in new and sophisticated malware attacks. These are far more sophisticated than stealing a password, and many credit unions may find their in-house teams unequipped to take on preventative measures in-house or find those measures too complex to tackle without help.

This is a lot for credit unions to deal with on their own, and I haven’t even begun to discuss the National Credit Union Administration’s (NCUA) imminent cybersecurity audits. Just this year, the agency, along with the Financial Services Information Sharing and Analysis Center (FS-ISAC), rolled out a webinar on its new exam tool, the Automated Cybersecurity Examination Tool (ACET). NCUA plans to begin performing cyber-examinations on credit unions later this year.

Never fear, help is coming right away, in the form of Cybersecurity education and resource sessions hosted by the New Jersey Credit Union League:

Don’t wait another minute. Take a proactive approach and register today!