The best defense against cyber security threats is an asset already possessed by credit unions. Hint: It’s not hardware or software.
Posted by Mr. Idrees Rafiq, Jr., AVP IT Consulting, Credit Union Resources, Inc on 8/4/2014

As a consultant focusing on security, I often field questions on which products perform better than others, in particular, antivirus. Every credit union has some form of antivirus solution, whether expensive or inexpensive. Some credit unions have more than one, on different layers of their network, in an effort to implement multiple layers of security. However, many underestimate the most effective solution.

Employees are the credit union's first line of defense. Criminals understand the inherent flaws in human nature and therefore prey on them. These flaws include being trusting, courteous, social, and curious, fearing authority, desiring to help, and wanting to be liked. I believe these attributes are more apparent in our industry because of the service-oriented model of credit unions.

Much like antivirus solutions, firewalls, and intrusion prevention systems, employees also need to be updated on the newest methods of attack to foil the 'bad guys' trying to obtain the credit union's confidential information. Attacks like phishing, spear-phishing, whaling, website spoofing, etc. can be thwarted by training employees on current methods of attack. Some training tips include, but are not limited to:

  • Attributes of suspicious e-mails: When in doubt of a link, type it out.
  • Trust, but verify: Be suspicious without losing positive member service.
  • Identify pharming: Prior to visiting unfamiliar websites, check reviews.
  • New scams and methods for attack.
  • Social Engineering
  • Pretexting: Learn to spot criminals using a pretext to get you to divulge seemingly insignificant data; that info may be significant to thieves bypassing multi-layered authentication.
  • Whaling: Don’t give phone extensions or e-mail addresses out.
  • Train cleaning crew on social engineering attacks.
  • Be wary of connecting 'freebies' or found items to your PC (e.g., USB drives/CDs/keyboards).
  • Share stories with other credit unions.
  • Set up a Google Alert for yourself and your credit union (google.com/alerts).
  • Test/Assess: Test/assess the security posture. Use even the bad test results in a positive way when training.
  • Compliance: Leverage training and compliance by training employees on your risk-based Information Security Policy & Program per NCUA Regulation 748 Appendix A.
  • Don’t forget members: Develop a member education program in line with FFIEC’s guidance on multifactor authentication.

There is a direct relationship between a sound security posture and frequent employee training. So, it is important for your credit union to deploy its best asset: employees. Get the employees engaged and tap into their creativity. Ask employees to think of unique ways to breach the credit union, and then update security procedures and training accordingly.

Categories: Compliance, Education & Training, Technology Consulting & Compliance