Posted by Kevin Hood, CTGA, IT Consultant, Credit Union Resources, Inc on 2/27/2015

With the proliferation of breaches in today’s environment, many credit unions are spending thousands and thousands of dollars on technical security such as unified threat management (UTM) devices, firewalls, intrusion prevention/intrusion detection, web filtering, penetration/vulnerability assessment testing, and anti-virus solutions.  While all of these protections are valuable and important to have in place to reduce risk, many credit unions are overlooking their weakest link – staff.  All it takes is one successful social engineering attack on your staff, and a hacker has just thwarted the thousands of dollars spent on technical and physical security protections you have in place.

Social engineering is defined as a psychological attack where a hacker tricks you or manipulates you into divulging sensitive information.  Examples of social engineering attacks include, but are not limited to:

  • Phishing
  • Pharming
  • Phone calls
  • Physical bait (USB flash drives)
  • Acting as a trusted third party or vendor
  • Use of Fear (angry member, law enforcement, senior manager, etc.)
  • Dumpster diving

Social engineering is a very successful form of hacking because humans are inherently trusting, courteous, social, and want to help… especially in the credit union industry!  In fact, according to the 2013 Data Breach Investigations Report published by Verizon, social engineering accounted for approximately 30% of all breaches.  This is four times higher compared to the 2012 report.

So what do you need to do?  The answer is TRAINING and TESTING, OFTEN!   Your staff is your front line of defense, and a good security awareness training program is imperative to preventing a social engineering attack.  One of my favorite examples of a social engineering test involved a credit union who dropped 20 USB flash drives around their property and branches.  They were shocked when they found that 17 of the drives got plugged into credit union computers – and this was tested only a few months after performing security awareness training!  I was at a credit union recently performing social engineering testing as part of an information security risk assessment, and a staff member gave me full access to their server room without verifying who I was, or if I was approved to be there!

Again, your staff is your first line of defense.  How confident are you that they would recognize and appropriately respond to a social engineering attack?

Categories: Education & Training, Human Resources, Technology Consulting & Compliance
Posted by Stacy Gibson, Senior Internal Audit Specialist, Credit Union Resources, Inc on 2/25/2015

According to the U.S. Treasury website, “The Office of Foreign Assets Control (OFAC) administers and enforces economic sanctions programs primarily against countries and groups of individuals.”  While countries and individuals are the most commonly listed entities on the OFAC Lists, financial institutions are listed as well.

To protect your credit union and your members, financial institutions should be included in OFAC searches.  We cannot take for granted that checking names of members and non-members is sufficient to keep your credit union and your members’ money safe.

Let’s say little Johnny, your member’s son, decides to study abroad.  As little Johnny’s parent, your member did not want to give him cash to carry overseas because they wanted to make sure he actually made it to his destination and registered for class.  Therefore, the member decided to wait until he arrived at his destination before wiring the money to him.  Little Johnny is excited to start his new year abroad.  He has his dorm assignment and class schedule.  All that is left to do is pay for his tuition, fees, dorm, and books before he can begin the new school year.

Little Johnny assumes that all financial institutions will accept foreign wires, so he finds a credit union and opens an account.  Your member goes to your local credit union here in the states and sends money to little Johnny, only to find out the credit union where Johnny opened his account is on the OFAC list.  Due to the credit union overseas being on the OFAC list, the entire amount that was supposed to go to little Johnny is now blocked.  Unfortunately, little Johnny cannot get access to the money and your member cannot get their money back until they apply to have the funds unblocked.

To help keep your members’ money and your credit union safe, remember to include financial institutions in scans against the OFAC Lists.

Categories: Compliance, Financial & Auditing
Posted by Vicky Salkeld, Vice President, Credit Union Resources, Inc on 2/23/2015

Who Are Your Competitors?

The first thing we must do is to identify our competition. It’s easy to see the bank across the street as a competitor. But, it goes much deeper. Think beyond the obvious. We have competition coming from many non-traditional financial institutions. There are other credit unions, online financial institutions, insurance companies, big box stores such as Wal-Mart and many other financial service providers. Who are your real competitors? Which ones really matter to your credit union?

Why Are They Growing?

Financial institutions have had some lean years recently. The economy has put a serious strain on spreads. Some financial institutions are rebounding faster and stronger than others. What is the difference?  If your credit union is struggling to increase membership and/or loans, perhaps it’s time to take an in-depth look at what your successful competitors are doing differently. How do your products and services compare? Are there some you aren’t currently offering, but should? Are you trying to be everything to everyone when you should be sticking with your niche?

Can You Learn From Their Mistakes?

Let’s face it: mistakes hurt. We’ve all made them many times and it is not fun. Pay attention to the failures of other financial institutions and take note. I’m not just talking about the complete failure as in going out of business. I’m talking about smaller scale - a promotion that didn’t go as planned, an event that was poorly attended, negative publicity or failure to have a Plan B. Where did they go wrong? What could have made the outcome completely different? Know what doesn’t work and do your best to avoid it.

Where Are They?

We’ve all heard about location, location, location. The physical location, accessibility and convenience of a financial institution are all very important – but where else do you find them? Visit the websites and social media of your competitors. Do they participate in social or charitable events? Do they have a float in the local parade? Are they participating in local civic clubs? If so, which ones?  Do they participate in shared branching? Your credit union may need to be more visible outside the walls of your building.

Where Do They Spend Their Marketing Dollars?

How are your competitors reaching members and potential members? How are they utilizing social media? Look at their websites. Read the bulk mail that shows up in your mailbox at home. What is being promoted and how? Slow down when fast forwarding through competitors’ commercials on your DVR. What makes your competitors more successful? What about special events, local outreach, and advertisements? After considering their strategies, reassess your marketing plan and overall direction. You may find the need to modify your plan with these factors in mind.

Remember, every credit union is unique. Credit unions have differences in fields of membership, demographics and geographic locations – just to name a few. There is no perfect template for a successful credit union. Identify what works for others, and if it is a good fit for your credit union, try to improve upon it. You don’t have to reinvent the wheel. There are a lot of good ideas out there. Take those good ideas and make them your own. Use knowledge of your competition to steer clear of the bad ideas and avoid the pitfalls. You may find competition to be the best thing that ever happened to your credit union.

Categories: Marketing & Printing, Sales & Service, Strategic Planning & Consulting
Page 1 of 86 (258 items)
Subscribe to the Blog

Categories & Archives
Category Filter

Author Filter




©  Credit Union Resources, Inc. All rights reserved.


Contact Us
4455 LBJ Freeway
Suite 1100
Dallas, Texas 75244-5998
Phone: (469) 385-6400
Toll Free: (800) 442-5762
Online Form