



Getting Serious About Security

Posted by George Pasley, iMazuma on January 18, 2013



Over the last couple of years we’ve seen two high-profile data breaches. In September of 2011, a hacker was able to gain access to Experian credit report users by infiltrating Abilene Telco Credit Union. In October of 2012, the SC Department of Revenue had over 70 gigabytes of data, containing tax returns dating back to 1998, stolen.

Initially, it was thought that a hacker somehow tunneled into the networks through unpatched systems. Now it is believed that malware installed on an employee’s computer caused both breaches.

This raises the question: how did malware get onto a company computer? IT departments are fanatical about keeping their anti-virus software updated. They also use firewalls, spam filters and other appliances to safeguard their networks. But all of this can be for naught if a single employee clicks on a curious link in an email they received.

Employee education on computer security is minimal at best. Usually it consists of a company-wide email and/or a page in the employee manual or portal. This has got to change. Everyone at your credit union should be required to go through security training. Everyone is a target, from the tellers to the CEO. IT staff shouldn’t be excluded either. In the SC DOR instance, it is suspected that an IT worker was the cause of the breach.

Spoofing emails is also pretty trivial. For a majority of credit unions, I’m sure their email addresses have one of these formats:





All a hacker has to do is send a test email to one of your officers, whose names are listed on your “About Us” page. Once they have the correct format, they can then spoof it from another officer to make it look legitimate. Are you sure your employees wouldn’t click on a link sent from a higher-up?

Customer data is the new digital currency. Financial institutions have a treasure trove of information, and most of it isn’t encrypted. All one needs is a couple of usernames and passwords to have access to it all. Safeguarding that information is your duty. Training your staff on how to keep it safe should be a high priority. Taking care of your data is the best way you can show your members your superior service.


George Pasley
George Pasley is the founder of iMazuma, a web software company based in Charleston, SC. iMazuma specializes in back office automation software and recently launched FS Vendors, an online financial services vendor directory. You can follow iMazuma at @imazumahq and George at @gpasley.
