Gone are the days of Bonnie and Clyde, when a car with a V-8 engine was the preferred vehicle for robbing financial institutions. Today, the threat has moved into the less tangible cyberspace, but credit unions are still targets.
At Filene Research Institute’s Jan. 26 Research Colloquium, “Credit Unions in the Crosshairs: Cyber Losses Are Real,” credit unions from all over the country gathered to learn more about how cyber fits into today’s evolving risk landscape.
My colleague, Jay Isaacson, Vice President, Business Protection and I were fortunate enough to be asked to present at the Colloquium on what today’s cyber risks look like, and how credit unions can best protect themselves from cyberattacks and data breaches.
The troubling reality is that no credit union is completely excluded from being the target of a cyberattack. In fact, we’ve seen credit unions across the asset spectrum from all corners of the country impacted by data breaches.
And, with the growing complexity and connectivity of credit unions and their products and services, the severity of data breaches is only growing, as is the average cost per incident. The ever-increasing risk of a breach means there has never been a better time for credit unions to take proactive measures.
So, what can credit unions do to protect themselves in a risk landscape that is changing and evolving daily?
First, they must know how data breaches occur. The most common events we see that lead to a data breach are: employee negligence or theft, lost or stolen laptops, vendor leaks or mistakes, and network hackers and malware.
Next, a common denominator of many cybersecurity claims is the lack of data encryption, meaning the single best preventive measure credit unions can take to protect against these potential risks is implementing layered levels of security that protect data at rest, in motion and in use. If credit unions encrypt the data they transmit, as well as the data that resides on their network, mobile devices, backup tapes and disks, they can drastically reduce their risk.
Additional protections include blocking access to personal email accounts on network computers, implementing endpoint security on devices connected to the credit union network and deploying a data loss prevention solution.
For more ways to protect your credit union and to learn more about cybersecurity risks and best practices, keep an eye out for Filene’s research report – based on insights from the Colloquium – which is expected to be released this April.