As more consumers rely on mobile and online banking, it’s crucial that financial institutions prioritize cybersecurity. Credit unions and banks that don’t stay up to date on the latest security measures don’t just put their business at risk – they also jeopardize the personal and financial information of their members.
For the most part, CEOs believe their cybersecurity efforts are effective and substantial to fight against any attacks. One survey from RedSeal, a cybersecurity analytics firm, and 72 Point, a data company, found that 80 percent of executives are confident in their strategies, reported The Wall Street Journal.
However, these professionals’ confidence is largely misplaced; the survey also found that the same percentage of companies were at risk of an attack. And many times, the CEOs’ opinions of their companies’ security is based on best practices that are outdated by about two years.
Letting cybersecurity efforts fall to the bottom of your priorities is never OK. Security efforts aren’t something to accomplish once and forget about – they require frequent attention and periodic analyses and updates. Once the effectiveness of a cybersecurity strategy begins to wane, your members are put at risk, as is your institution.
Take these action to be sure your credit union is up to date on the latest security measures:
- Have a dedicated cybersecurity staff member
Cybersecurity isn’t something to address every once in awhile, or something you can put on autopilot. It needs to be continuously monitored and adjusted to ensure optimal protection. It’s typically a bigger task than an executive or staff member to take on in addition to regular work duties. The Filene Institute also warned against turning to third-party companies to take care of cybersecurity tasks. Instead, hire someone with the right training and experience to ensure that your credit union is safe.
- Assess your risk
Before you begin to make progress, you need to know how you’re doing so far. As such, prior to pursuing any updates to your cybersecurity strategy, conduct a risk assessment to determine where your strengths and weaknesses currently lie. The Federal Financial Institutions Examination Council created a Cybersecurity Assessment Tool for this very purpose. Once you know which areas need your attention most, you can begin to improve in a strategic fashion.
- Include your board members
Your board members are an important part of your credit union’s structure, and as such, they need to be included on all major decisions and workings of the institution. Credit Union Magazine pointed out that all board members should have a clear understanding of:
- The scope of your online resources.
- The frequency with which they are used.
- How sensitive information is stored.
- Who has access to that information.
- What measures are taken to ensure that information is secure.
If your board isn’t up to date on your latest efforts, it might be time to host an informational meeting. Additionally, board members can be incredibly useful with their unique expertise. If you have a board member who is involved with the cybersecurity industry, reach out to that person for additional advice.
- Be prepared for ransomware attacks
Ransomware attacks can be especially damaging, with the potential to expose or completely lose member information while criminals demand payment. As big banks and other large institutions begin to bulk up their security against ransomware attacks, credit unions and smaller organizations are becoming more likely targets, according to Credit Union Times.
While the FBI advises businesses not to give into the demands of ransomware attackers, an IBM Security survey found that 70 percent of businesses admit to paying up and not turning to the authorities, according to CyberScoop. About 50 percent of the businesses surveyed said they had paid $10,000 or more to hackers, and 20 percent said they’ve given $40,000 or more to attackers.
If your credit union is compromised and you find yourself with the tough choice to either pay up or lose information, don’t hesitate to call law enforcement for assistance.
But the best way to lower your chances of getting caught up in a ransomware attack is to simply not give the attacker the power to demand money from you. That is, don’t let your information be accessible – this is where your cybersecurity professional will come in. And if a hacker should get his or her hands on your data, be sure you have access to a copy of it, too. Backup all data on an external hard drive that you keep offline where no one can access it.
- Train your staff, board and members
For your credit union to be as effective as possible in keeping hackers out, it’s important that every single person involved in your institution is on the same page. This goes for everyone working at your credit union, every one of your members and each board member. Make information about online banking best practices readily available to everyone. Whenever a new policy, piece of technology or practice is introduced to your credit union, be sure each staff member has the proper training to understand it effectively.
Moving forward, be sure you’re not letting your credit union’s cybersecurity get passed up by other tasks. By making it one of your top priorities, you’ll be showing your members that you are invested in their security while also protecting your institution.