Protecting your credit union’s member data starts within your own four walls

There are many ways your members/ customers’ data can be compromised. But the most common may not be what you think. Consider these:

  • Retailer credit card breaches: Headlines report on the spate of recent data compromises (Home Depot, Target, P.F. Chang, UPS). While these generate sensational news coverage – and potential headaches for those affected – they don’t pose the greatest danger.
  • Third-party vendor compromises: NCUA’s requirement for vendor continuity plans, data redundancies and encryption programs is a positive, proactive step for ensuring your data security. But vendors aren’t your primary threat, either.
  • Phishing schemes: Personal devices connected to the Internet, like desktop computers, laptops, and cell phones, can place consumers’ information at risk, especially when adequate security measures are lacking. But these, too, aren’t the main risk.

So where is the risk?

For financial institutions, the most common cause of data breaches affecting your members/customers is accidental exposure, often by your own staff. Maybe someone forgot to log off a secure service site, or an employee discarded a broken laptop before its files were deleted. Or perhaps somebody misplaced a jump drive containing downloaded data files. Whether it’s intentional and inadvertent, members’/customers’ sensitive information can easily be exposed, demanding your vigilance over internal security controls.

Internal data security starts with establishing specific IT responsibilities and data protocols – and ensuring your staff knows and follows them. Data protection should also include staying current on the latest security issues, threats and new programs in the market. It’s a fast-changing and growing industry … keeping pace will take commitment.

Follow the five security “commandments”

To help ensure security best practices, DigitalMailer suggests credit unions follow these five key rules – simple but important reminders we follow ourselves to keep data and Internet communications as safe as possible.

  1. Email is never secure.

Avoid sharing personal information via email: usernames, passwords, account numbers, social security numbers or other sensitive content. Let members/customers know your institution’s policy on requesting sensitive data via email; and if it’s necessary, make sure to encrypt the information using software that supports standard encryption mechanisms.

  1. PCs, laptops, tablets and other mobile devices are never secure.

Don’t ever store personal or sensitive information on your desktop or mobile device – this information should only be stored on central servers. Also, avoid using automatic logins; and keep antivirus software, anti-spyware, and firewalls in place and updated so they work most effectively.

  1. Voicemails and faxes are never secure.

You can’t control who’s on the receiving end of voicemails and fax transmissions, so avoid using them to send private information.

  1. The shredder is your best friend.

Invest in a cross-cut shredder to dispose of any disk or print out with sensitive data. Breaking the disk or tearing the paper into pieces is not enough.

  1. Passwords are not optional.

Make sure your employees follow the rule that passwords must be varied, updated frequently and never shared. If your computer or mobile device turns on without requiring logon credentials, fix it now. If you are asked if you’d like to save your password, the answer is always “no.” Be persistent in keeping your passwords protected.

Unfortunately, keeping personal data completely secure cannot be guaranteed – as schemers and fraudsters are committed to their criminal efforts. For credit unions and banks, it’s critical to continuously address the potential for a lapse in data defense, as well as to follow best practices and ensure there are adequate resources to help prevent breaches and compromises. To keep member/customer data safe, the place to start is inside your own four walls.

Ron Daly

Ron Daly

Ron Daly is the president and CEO of Virtual StrongBox, a secure, end-to-end member engagement platform that can be integrated into various workflow processes to provide high-risk Enterprise IT firms ... Web: Details