5 steps to prevent data breaches at your credit union

There are some categories where no company wants a first-place ranking: number of defective product recalls, number of malpractice suits and number of data breaches, to name a few. (That last title, most breaches and records stolen (40 million), went to Fling.com, a Florida-based online relationship service.)

Globally, data collected by the Breach Level Index shows 974 reported data breaches over the first half of 2016, totaling 554.5 million records. The 2015 Index puts the total of stolen records at 707.5 million. Breaking it out, that’s 1.9 million records compromised every day, or 22 every second. Malicious outsiders accounted for more than half of last year’s breaches, while about a fifth were inside jobs.

Reaching for your Excedrin yet?

Data breaches are major headaches for high-security-risk organizations, like financial institutions, healthcare providers and wealth managers, not to mention exposure of consumers’ personally identifiable information. Moreover, it’s expensive. In its 2016 Cost of Data Breach Study: Global Analysis, the Ponemon Institute found the average total cost of a breach is between $3.8 million and $4 million.

Beyond cost, hacking incidents cause severe side effects, like reputation damage, loss of trust and diminishing customer base. Factoring in reparations, potential fines and likely stiffer regulation, and it’s clear that following best practices for preventing a breach is better than the cost and grief of recovery.

Global cloud IT traffic is expected to account for more than 90% of total data-center traffic by 2020, reaching 14.1 zetta bytes, up from 3.9 zetta bytes/year in 2015. This trend won’t reverse; the need for and advantages of digital technology and ready access to information far outweigh the drawbacks. We can’t limit it, so credit unions must know the risks in their systems and ensure strong security practices.

What’s can you do now?

With the growth of digital banking and the use of business analytics, as well as people’s reliance on digital shopping and ordering, we’ll see an explosion in the amount of sensitive data flowing around the world. Below are a few of the trends predicted by Experian’s 2017 Data Breach Industry Forecast:

Forecast Counteraction
“Aftershock” password breaches – Companies will face recurring impacts from past breaches, as cyberthieves stagger the sale of passwords. Require multi-factor passwords and force periodic changes. Consider biometrics and text alerts, and provide ongoing customer/employee education.

Nation-state cyberattacks – Experian predicts more attacks between countries that could cause general outages or huge PII exposures.


Be alert to possible data exposures, ensure adequate insurance and partner with a firm that offers security at the Enterprise IT-ready level.

Payment attacks – These breaches will grow due to uneven EMV use, new crime tactics and thieves hitting smaller retailers and institutions. Speed up EMV Chip and PIN adoption, follow security best practices and pay attention to weak spots like POS skimming.

Virtual StrongBox incorporates rigorous and comprehensive security practices to protect credit unions’ data and their members’ PII. Consider these security protocols from our expertise and years of helping financial institution safeguard sensitive information:

  • Safeguard all data no matter where it is in your system. Of the 707.5 million hacked records in 2015, most of the stolen data was useless because it was secured by encryption technology. At Virtual StrongBox, our patented end-to-end security protect credit unions’ data (and that of their members) at all times.
  • Restrict downloads and external transfer of data. Your information is vulnerable when files are copied to flash drives, insecure software is downloaded, or being sent via Bluetooth connections, as these all have areas of exposure. Rather than sending sensitive information via email, “snail mail,” fax or other weak channels, choose a Secure file-exchange platform. Virtual StrongBox provides clients and their customers convenient, immediate access to their files and documents, while the data remains encrypted on our servers.
  • Protect every computer and mobile device. Make sure your credit union has appropriate security for all desktops, laptops, tablets, cell phones and company servers. Use strong antivirus software, internet firewalls, and security suites, and continuously track who has access to the equipment, regularly updating and testing security protections.
  • Enforce a “strong password” policy and eliminate auto logins. Require various character types and force periodic password updates. Set restrictions on reusing old passwords or the same ones for multiple programs. Don’t allow employees to automatically log into websites and email systems unless they are secure, certified sites or computers.
  • Educate employees and members on fraud prevention. Set up automatic reminders to not open emails or download attachments from unknown senders or unfamiliar addresses. Urge them to never provide usernames, passwords, account numbers or any other PII in an email message or pop-up window. Email is not safe! Also, require staff to “log off” after using secure service sites.

Breaches aren’t going away. Cybercrime is a lucrative business and hackers will continue creating new schemes to get at your data. Fight back through constant vigilance, updating your software as new versions are available and using security best practices including data-encryption. Financial institutions are prime targets for cybercriminals, and your members trust you to safeguard their private information; make it a top goal.

Ron Daly

Ron Daly

Ron Daly is the president and CEO of Virtual StrongBox, a secure, end-to-end member engagement platform that can be integrated into various workflow processes to provide high-risk Enterprise IT firms ... Web: www.virtualstrongbox.com Details