Include members in your cyber security plans
Cybercriminals are becoming more adept at profitable intrusions with each passing day. As “The Internet of Things” creates a more connected world, savvy crooks are finding plenty of cracked doorways allowing them into our once-secure spaces.
The National Credit Union Association (NCUA) is certainly taking the threat to credit unions and their members seriously. In May, the agency announced it would begin including in its examinations an assessment of a credit union’s ability to mitigate cybersecurity threats and respond to attacks.
Help may be on the way. In July, the House passed a bill that would strengthen some of the agencies that were built to help the financial services sector identify threats, respond to cyber incidents and coordinate with government partners.
Assistance from government partners, security experts and third-party vendors is great. However, there is another huge (yet often overlooked) ally for credit unions in the fight to stay one step ahead of cybercriminals – consumers.
Leaders in the payments fraud and security circles have long referred to consumers as a financial institution’s first line of defense. Today, with the prevalence of password and other personal information theft, that is especially true. A credit union that arms its members with information on how to protect themselves from data and security risks is a credit union that is also protecting itself.
At this year’s CUNA Governmental Affairs Conference, NCUA Chairman Debbie Matz called on each of us in the industry to take a proactive stance to cyber security with education. Matz listed sharing our learnings with others in the industry as one of three simple actions for credit union industry leaders. Taking that one step farther by also educating the members we work with every day will go a long way in mitigating the growing threat against the nation’s cooperatives.
Fortunately, it’s become easier to earn consumer attention when talking about fraud threats, particularly when it comes to their credit and debit card accounts. Following data breaches at several popular retailers this year and last, media outlets throughout the country were hooked on the story. As a result, cardholders from all over the U.S. began to take notice.
One of the easiest preventative steps credit unions can encourage members to take is to practice better password security. Lack of consumer adoption of good password practices continues to create problems. This is evidenced by the fact “123456” and “password” remain the top passwords in use today. As a result, more than 20 percent of Internet users have had at least one online account compromised.
Next month, I have the privilege of joining consumers from around our home state at Iowa State University (ISU) as we discuss steps consumers can take to protect themselves and their information from cyber security threats. A part of the National Cyber Security Alliance “Two Steps Ahead: Protect Your Digital Life” tour, the event is designed to educate consumers and businesses about adding layers of security to their everyday online activities.
More businesses, including financial institutions and payments providers, are implementing additional online security features that can help consumers add another layer of security to their accounts. These features go by many names – such as two-step verification, login approvals and multi-factor authentication – and use a variety of methods, including SMS texts to a mobile device or random one-time use password generators. The ultimate goal of each feature is the same, to allow only authorized people access to an account. However, for these features to be truly successful, users must understand why they are necessary and how to engage with them.
U.S. Senator Chuck Grassley, Iowa Attorney General Tom Miller and ISU President Steven Leath will also be a part of the event – evidence the cyber security threat is reaching the top levels of many different sectors. The morning will feature a hands-on demonstration showing attendees how to step up their security on sites like Google, Facebook and LinkedIn. The event will end with a panel discussion in which I will be joined by experts from the Federal Trade Commission, ISU and the Better Business Bureau.
Iowa Credit Union League (ICUL) President and CEO Patrick S. Jury is encouraging credit unions and their members to attend event. “Credit unions are not immune to the cyber security threat,” he said. “In fact, half of all targeted cyber attacks are aimed at businesses with fewer than 2,500 employees. Our member credit unions can benefit from understanding how to talk with their members about steps they can take to protect their financial, social and other connected accounts.”