Managing exposure to data breaches

2014 has already seen a dangerous increase in wide-spread cyber attacks, which have affected millions of US cardholders. With the threat of cyber attacks on the rise, credit unions and their members face an increased likelihood that they will be exposed to a data breach if they do not have the necessary risk management policies and procedures in place.

There are two categories of data breaches a credit union faces:

Internal data breaches are defined by circumstances where a cybercriminal hacks into a credit union’s internal network to gain access to secure account information. These breaches occur when either a credit union employee’s computer has been infected with malware or when a member has been phished and their home banking authentication information has been stolen.

External data breaches involve the capturing of a member’s card payment information from an external source, like point of sale devices at retailer locations. Once a point of sale device is hacked by a cybercriminal, they gain the ability to redirect the card data to themselves at the time of each swipe and remotely capture the full unaltered magnetic stripe information of each card-paying customer.

How do Credit Unions Reduce the Risk of Exposure to Data Breaches?

There are many ways to prevent cybercriminals from getting into your credit union or attacking your credit union members:

• Keep abreast of new cyber risks and learn how these threats can impact a credit union and their members
• Monitor, prepare for, and react quickly to security breaches
• Utilize layers of security to prevent system intrusions and payment transactions
• Educate your employees and members about how they can help to prevent a data breach:

1. Never open emails or email attachments from an unrecognized source
2. Lock or turn off computers when not in use
3. Utilize system intrusion monitoring and detection systems to detect malware

• Set daily dollar and transaction limits for members to help reduce the amount of funds exposed
• Require passwords from employees before accessing member accounts or administering external transfers
• Monitor password change reports; an uptick of members changing their PIN or password may be a red flag the member was phished for information
• Require multifactor authentication for online account access:

1. Something you know – password
2. Something you have – security token
3. Something you are – biometrics verification

• Validate and confirm that your credit union’s third-party vendors also have substantial risk prevention measures in place
• Implement effective security technologies like tokenization, end-to-end encryption, and chip technology for payments
• Develop a strong risk management plan with inclusion of products and services that are built to reduce the impact of, protect from, and react to internal and external data breach exposures; such solutions include:

1. Payment protection, management, and reporting
2. ID theft/fraud monitoring and mitigation
3. Breach prevention technology and response planning
4. Cyber liability insurance
5. Comprehensive credit union bond coverages

What Does This Mean for Credit Unions Going Forward?

Fighting the war on cybercriminals will not get any easier for credit unions going forward. Today’s cybercriminals are becoming even more sophisticated in their attack methods, which increases the possibility that the secure information of credit union members are at risk of exposure from these external and internal data breaches. Traditional breach and fraud prevention technologies may help with some level of protection, but since the criminals are so advanced in their technology, credit unions need to look ahead at loss prevention techniques and measures that are available to help combat the cybercrime.

Allied Solutions partners with a number of highly regarded producers of risk management solutions to offer a comprehensive suite of products and services that can help your institution to better prepare for, respond to, and reduce the impact of data breach exposures. These solutions offer end-to-end coverage for your institution and members by assisting with the implementation of robust data breach prevention and response measures, while also providing protection from the sometimes crippling costs related to breach recovery and remediation.

Credit unions faced with a cyber attack could face interruption in day-to-day operations, lost revenue, and a permanently damaged reputation. Don’t wait until you are targeted to react to these risks, as it is only a matter of time until you and your members are affected by the next major attack.