Let’s raise the data security bar

If you’re like me, it’s getting old. Seems like one news story after another is focused on compromised data or other cybercrime.

The records of 100 million consumers are at risk, thanks to cybertheives breaking into Anthem’s database. Some 56 million people learned their credit card detail was siphoned off cash registers at Home Depot. A security flaw exposed the PII of hundreds of thousands of current and prospective students at Auburn University. And lest we think financial institutions’ track record for security is intact, we need only recall the 76 million individual accountholders and seven million small businesses whose PII was hacked at JPMorgan Chase – the largest U.S. bank.

Experts say hacking into people’s sensitive information isn’t slowing down because the lucrative benefits push online criminals to learn new tricks. For the 15th consecutive year, identity theft has held the top position on the FTC’s list of consumer complaints.

Are we doing all we can?

For today’s financial institutions, security is a top priority, which it should be. It’s on your members’ minds not only because it’s constantly in the headlines, but also because so much of what people do is online – both at work and at home. As their primary financial institution, members trust that you will keep their private information private. But how secure is it really?

Consumers hold credit unions to higher standards, compared with businesses such as retailers, credit card companies and Internet providers. But that trust could quickly evaporate, with the epidemic of breaches we’re seeing.

Credit union professionals who are as tired as I am of the screaming data-breach headlines should consider encryption-at-rest technology for all stored PII. Adopting the best-possible data security isn’t an option anymore.

What else can we do?

Educate your members. Consumers rightfully worry about identity theft, viruses and spyware, but many don’t think about losing valuable documents, like wills or deeds. Some may keep them in a safe deposit box, while most just use a folder in a file cabinet at home. Offer your members secure online storage as a value-added service. But instead of “traditional” cloud storage that offers little to no protection, choose a provider that cares as much as your credit union does about safeguarding important files. Make sure your service is housed in SSAE 16-certified data centers, uses redundant storage devices, and encrypts files as documents are loaded, as well as during storage.

Also, encourage password safety. It’s amazing how many people think it’s okay to use the same password for multiple accounts. For this, PC Magazine offers some sage advice: “If ‘fido’ gets cracked once, it means the person with that info now has access to all of your online accounts. A study by BitDefender showed that 75 percent of people use their email password for Facebook, as well. If that’s also your Amazon or PayPal password and it’s discovered, say good-bye to some funds, if not friends.”

Raising the PII Security Bar

At Virtual StrongBox, Inc., our solution has been to develop a stronger document-security method to house consumers’ sensitive data. Our patented process allows encryption of all data at rest, as well as in transit, in every database that stores PII. Our encryption at rest method takes all types of data security to a new, unparalleled level – a new standard for protecting data the “financial industry way.”

Isn’t it time for credit union professionals, Regulators and Lobbyists, as well as Trade Associations, who are as tired as I am of the screaming data-breach headlines to demand encryption-at-rest technology for all stored PII? Whether through our process or another provider, encryption-at-rest technology can change the face of security for consumers’ PII. Shouldn’t it become the industry standard?

Given the stress the rising number of breaches and cybercrimes place on consumers – as well as the price that affected companies pay in lost business, recovery and reputation damage – it’s time to raise the bar with a new headline: “Your personal information is so safe, you can take it to the credit union!”