Online Discovery: Data Breaches Now No. 1 Type Of Fraud
From CUNA Mutual Group Public Relations
For more information:
Phil Tschudy 608/231-7188 email@example.com
Rick Uhlmann 608/231-8940 firstname.lastname@example.org
MADISON, Wis. – Data breaches have overtaken theft of physical assets as the No. 1 fraud type, with most data theft occurring in the financial services industry. To avoid crippling financial damage and loss of member trust, credit unions must implement measures to prevent data breaches and have a solid mitigation plan if one occurs.
Speaking to Online Discovery attendees Tuesday, CUNA Mutual Group Senior Risk Consultant Ken Otsuka cited the 2010 Annual Global Fraud Report by risk management consulting firm, Kroll, indicating the information-rich financial services industry leads the way in data theft incidents among various companies at 42 percent in 2010, increasing from 24 percent in 2009.
“Data breaches have quickly become a top concern. They are increasing in frequency and severity in terms of number of records breached and recovery costs,” Otsuka said.
Breaches can involve electronic data or paper and occur in many ways, including:
- Lost or stolen disks, laptops and other data-bearing devices
- Dishonest employees
- System intrusions by hackers
- Negligent disposal of data
- Breaches at third-party vendors housing confidential personal member data.
A data breach can be devastating for a credit union, potentially even bankrupting it, Otsuka said. A 2010 Ponemon Institute study stated the average cost to repair a compromised record was $214. For financial institutions, that cost was $353.
Data breaches cost more than money. “A breach could shake members’ confidence in the credit union’s ability to protect their personal information, which could have a devastating effect on the credit union’s reputation,” he said.
Compliance and legal risks also loom. “The federal Gramm-Leach-Bliley Act requires credit unions to protect and secure members’ personal information. Penalties for non-compliance, whether at the state or federal level, can be severe. In addition, numerous well-publicized lawsuits have been brought by consumers against organizations that experienced data breaches.”
Otsuka urged attendees to implement proper technology, policies and procedures to protect confidential member data. He offered these tips:
- Protect confidential member data residing anywhere on the network, including workstation hard drives and servers. Encrypt data residing on networks, all mobile devices, and in data transmissions over the Internet and email.
- Install a data loss prevention solution (DLP) to identify where confidential member data is located on the network and determine if employees are inappropriately transmitting data via email or downloading data to external devices.
- Lock down USB ports and CD ROM/DVD drives of workstation computers based on employee job duties to prevent downloading of confidential member data.
- Implement an identity and access management (IAM) solution that allows only authorized users to access the network and secures remote access for employees and vendors.
- Have an end point security solution to protect all entry points to the network, including firewalls, and software for viruses, malware and intrusion detection.
- Protect corporate mobile devices by ensuring confidential member data is stored in encrypted format, the devices are password protected, and data can be wiped clean if the device is lost or stolen.
If all else fails, Otsuka advised having an insurance backstop. He provided an overview of CUNA Mutual Group’s Cyber & Security Incident Package (CSI), which provides coverage for credit unions in the event of a data breach.
Online Discovery is CUNA Mutual’s Web-based equivalent of a face-to-face conference without the associated expenses or time away from the office. The free, virtual event attracted a national and international audience of more than 1,800 credit union and league staff. The conference’s future-focused content aims to help credit unions solve problems, face challenges and address opportunities.
CUNA Mutual Group insurance, retirement and investment products provide financial security and protection to credit unions and their members worldwide. With more than 75 years of true market commitment, CUNA Mutual Group’s vision is unwavering: To be a trusted business partner who delivers service excellence through customer-focused products and market-driven insight. More information on the company is available on the company’s Web site at www.cunamutual.com.
CUNA Mutual Group is the marketing name of CUNA Mutual Insurance Society, its affiliates and subsidiaries, including CUMIS Insurance Society, Inc. Product availability and features may vary by jurisdiction and are subject to actual policy language. Corporate headquarters are located in Madison, Wisconsin.