Internet security isn’t something credit unions and other companies can let fall by the wayside. Software vulnerabilities are dangerous, and criminals are on the prowl, searching for their next victim.
A reported 429 million identities were exposed in 2015, according to Symantec. This might seem like a lot – and it is – but some cybersecurity professionals believe this number is falsely low, with millions more compromised identities having gone unreported. It’s crucial that businesses of all kinds take the necessary steps to ensure all member, customer, patient and other personal data is kept under wraps.
Assess your cybersecurity
Credit unions must take every step to ensure their members’ information is safe. But before making any changes to their current defenses, credit unions should take the time to evaluate the effectiveness of the cybersecurity measures they already have. The Federal Financial Institutions Examination Council created the Cybersecurity Assessment Tool for this purpose.
The National Credit Union Administration encouraged all credit unions to use the tool to determine where there might be weaknesses in their current security measures, as well as to get ideas and advice on where and how to improve.
For cybersecurity measures to be as effective as possible, all credit union staff must know best practices when accessing member information. When new policies are put in place or new software or other technologies are introduced to the institution, hold information sessions for staff. These sessions will give key personnel the opportunity to explain how best to use these tools and perform important tasks without putting any information at risk. It will also give staff the opportunity to ask any questions they have about the new methods or technologies.
Spread the word
Your staff probably isn’t the only group of people you should be focused on educating about changes in cybersecurity measures. Your members have a right to know what actions you’re taking to protect their information, and how they can help in your efforts, too. Inform them about online shopping best practices and how to keep their identifying information private. Credit unions can do this in several ways:
- Post an FAQ page on your website with helpful information about staying protected online.
- Use direct mail or email to share advice.
- Host an education session to address common cybersecurity concerns and also determine needs within your community.
Not only will these actions make your own efforts more effective, but it will also show your members that you are willing to go out of your way to help them stay safe.
In addition to proactive communications, credit unions may also find themselves in a position to address an issue reactively. After a breach occurs at a merchant, card issuers may have to send new cards to their members who were affected. To the consumer, it may look like the financial institution is at fault, especially when it isn’t able to disclose the name of the merchant affected, explained PaymentsSource contributor Karen Pollack. In these cases, it’s important to be patient with members, answer all of their questions, and provide as much information as possible to help avoid another similar situation.
Choose a payments processor you trust
Pollack pointed out that cybersecurity measures must be an all-inclusive effort. Choosing the right payments processor is one key aspect that shouldn’t be overlooked. Your processor must:
- Always be available to address a security risk.
- Have the latest data encryption and fraud protection abilities.
- Be able to communicate with cardholders about potentially fraudulent activity.
- Adapt to the changing fraud landscape.
If your payments processor falls behind on the cybersecurity front, your credit union will too. Always make sure you are still benefiting from the relationship to ensure your members’ security.
Update your cards
The switch to EMV created a lot of frustration and confusion to the payments industry in 2015, but over time, consumers, retailers and financial institutions gradually got used to the change. However, the majority of cards in circulation in the U.S. are still on the old magnetic strip system. Business Insider reported that, as of the end of 2015, barely more than one-fourth of cards in use were chip enabled.
What’s more, just 7 percent of card transactions were done through EMV in 2016. While this is much better than the 0.26 percent of transactions completed with EMV in 2015, there’s still clearly a long ways to go for chip card acceptance.
If you haven’t already adopted EMV, it’s time you do so. Let 2017 be the year your members will benefit from these important industry changes.
Making sure your credit union is up to standards on the cybersecurity front may take a good amount of time, effort and money. But it’s a goal well worth pursuing. Your members will certainly be grateful to be a part of an institution that’s willing to go out of its way to ensure their security.