How education can keep your credit union secure: Part 1 - Member Access Processing

Data breaches are not something any credit union leader should take lightly. When your members’ information is at stake, it’s important to take every possible measure to keep hackers out.

More than 75 million data records were exposed in 2014, according to the Credit Union National Association. What’s more, the Target breach cost credit unions $30.6 million and required about 4.6 million cards to be reissued. Just one instance of weak security can cost a credit union thousands of dollars, not to mention the confidence of its members.

To fight against the possibility of getting hacked, it’s crucial that credit unions take measures to ensure all data is secure. This probably means updating online systems and hiring cybersecurity professionals to audit your infrastructure. But your measures shouldn’t stop there.

A strong cybersecurity plan starts with a smart staff. Make sure everyone who directly interacts with sensitive data or with customers knows how to keep information secure and out of reach of criminals.

Be sure they know how to recognize and properly address these common threats:

Social engineering

The tactic of social engineering is possibly the oldest method of fraud out there. Social engineering is the use of human behavior to trick people into revealing sensitive data, like passwords, account numbers and other information that can be used to steal funds.

A survey of more than 200 security leaders found that three-fifths of respondents either were or possibly were the target of a social engineering scam in 2015, according to data from cybersecurity company Agari.

Credit unions are particularly vulnerable, Agari’s chief scientist Markus Jakobsson told Credit Union Times.

“Credit unions … differ from larger financial institutions because they don’t have large in-house security teams,” Jakobsson explained. “They are much more dependent on tools provided to them by third parties.”

All of your staff should be on the lookout for fishy emails asking for personal information. Additionally, staff should be wary of people who either call or come into the branch asking for data without offering up identifying information, UCLA’s SEASnet Computing Facility suggested. This includes:

  • Asking callers for their first and last names, as well as spelling.
  • Asking why the caller needs the information.
  • Being careful with downloads from emails.

Web shells

While social engineering has been around for as long as people have been telling lies, there are newer methods of hacking into credit unions’ databases. KrebsOnSecurity explained that web shells are simple programs that attackers can retrofit onto a website to discreetly access the information within.

The first and most important step in preventing web shells from being installed on your credit union’s website is to keep your website content management system and plugins updated. Updates to these systems are created to defend against vulnerabilities, so letting them go without updates is sort of like leaving your door unlocked.

Next, it’s important to have secure, unique passwords for every account you have. Malware can be written to strip a password and apply it where needed to gain access to your website and members’ accounts.

Keeping members’ financial and personal information secure is of utmost priority for credit unions. To do this, you must have a staff that can recognize the signs of hacking attempts and value the importance of updated web applications.