Ensuring your credit union website is a safe environment

We are always stressing to our members the importance of being safe when performing banking tasks on their computers or mobile devices. We pass along advice on unique passwords, installing anti-virus software, keeping computer software and apps up-to-date and avoiding public computers and WiFi. But, have you ever stopped to think about the best practices for ensuring your website’s safety? What steps can you take to provide a safe environment for your members’ personal and financial information?

Ensuring your website is a safe place for members to handle financial transactions and access sensitive information grows more important as they become more accustomed to online banking at anytime, from anywhere, and as online criminals become more savvy.

Obtain an SSL Certificate

There are very few industries where the protection of sensitive information is more important than the banking industry. As a credit union, your website is created using https:// which identifies the security of your site. It signifies that communication between computers, including your members’ financial information, is encrypted.

An SSL Certificate helps to ensure a secure connection between a users interaction on a website and the retrieval of information from the server in an encrypted manor. Most notably, SSL certificates enforce a padlock and https:// features of the URL. But as an added bonus, these secure certificates are actually helping to influence search engine optimization.

Use Caution When Updating Your CMS and Plug-Ins

Your website is created and runs through a content management system. The most popular is WordPress, but you may also use Express Engine or another platform. Your CMS is what lets your team, with limited knowledge of coding or web building, add content to, and manage, your site on a daily basis. In addition, your website probably includes several plug-ins, which are third-party applications added to your site’s admin to customize and enhance the functionality of the site.

Like any other software, your CMS and plug-ins will have regular updates that need to be done to keep everything working properly. When you see an alert that an update is available, take caution before blindly hitting “Update.” You may find out the hard way that a simple update now causes plug-ins to have conflict and in return communicate improperly with each other, causing big issues for your site as a whole. Let your IT team, or external development team, handle all software updates, as they can often catch these glitches before they become a bigger problem.

Consider IP Blocking for Admin Access

You may have several employees who have access to the admin section of your credit union’s website. The marketing team is adding blog posts and new promotions, human resources is updating open positions and the lending team is keeping interest rates up-to-date.

To protect the integrity of your site, the best decision may be to add IP blocking for admin access. This ensures that site updates are made from work computers only and not personal computers, which you can’t monitor for viruses or regular software updates. Installing this feature can also help protect the information of your members. By only allowing admin access to your CMS within the walls of your credit union/network, you’re taking an extra step at security monitoring and safety.

Matt Steffy

Matt Steffy

Matt is the IT & Security Office at Lancaster Red Rose Credit Union. He is a malware analyst and reverse engineering enthusiast who also enjoys attending music festivals and concerts ... Web: https://www.lrrcu.org Details