Between the financial data collected and personal information held, credit unions are a prime target for cyberattacks. This highly confidential industry is rooted in privacy, and hackers know it. When the average successful cyberattack incident in the financial industry costs somewhere between $4–6 million, cybercriminals have only become more motivated to step up their game.
This is not a question of whether you’ll be hit, but when. Stephen Jones, Senior Director of Cyber Security at Dataprise, recently answered some questions from credit union employees about how to prevent an incident, or at least mitigate the damage of one.
1. What’s the largest risk to a credit union when becoming a victim of a cyberattack?
The loss of data integrity for members is by far the biggest risk for credit unions. A single breach of a mortgage database could be enough to cause severe devastation, if not total collapse. Reputation loss would also be of serious concern to the organization.
2. Of all the things I could do to protect credit union member data, what should I prioritize most to mitigate risk?
Jones recommends a holistic approach that honors the industry’s best practices. This would include endpoint security, defense in depth at the perimeter, and training for both employees and users.
Credit unions cannot rely on just one mechanism. Building an impenetrable fortress in one area is only going to create an opening in another. Hackers target these gaps, so vulnerability and patch management are especially critical for credit unions.
3. How can I help ensure new UX/UI tech platforms don’t pose a security risk?
The best thing a credit union can do is prioritize due diligence. By talking to the vendors and assessing their strategy, you can get a better sense of whether their tech is more substance than flash.
You should also bring in your security team at the very beginning to verify exactly which data is being collected from consumers and how it’s being protected. This can help you avoid wasting time with products that aren’t right for you.
4. Even though you may be able to recover your data with backups, what do you do about all the compromised data that is now in the hands of a bad actor?
There’s unfortunately only so much you can do in this scenario. Once the data is out there, you can’t make changes to it. What you can do is run a damage assessment based on what information the bad actor has, how important it is to the organization, and what the likely fallout will be.
5. Once a threat has been detected, what are the immediate next steps for our employees?
The first step is immediate disconnection from the network. Whether it’s a switch or a cable, this is the best way to mitigate the threat. Employees need to be ready to speak up when they notice anything wrong and alert their team without delay.
6. What is the best way to see if your credit union is prepared for a cyberattack?
It’s recommended that credit unions either run a full assessment of their systems or schedule a penetration test with a team that specializes in revealing the extent of an organization’s vulnerabilities. Having a legitimate party trying to access your data will be far better than having a bad actor discover the fatal flaws in the system.
7. Other than backing up our members’ data regularly, what is the most important step in making sure we’re ready for an attack?
Training and vulnerability management are both pivotal to being ready. Credit unions will also need a highly detailed and logical response plan for when a security incident occurs. The more an organization has thought a potential incidence through, the more likely it will be able to stop the worst before it can occur.
How confident are you in your credit union’s cybersecurity posture? Take Dataprise’s quick cyber posture assessment today to receive personalized insights and recommendations from our experts.