Onsite: The 2014 NAFCU Technology and Security conference kicks off

NAFCU’s annual Technology and Security conference kicked off to a full house at Las Vegas’ Planet Hollywood.

John Sileo gave the keynote presentation with a very interesting story about security and identity theft.  He is the CEO of The Sileo Group, a privacy think tank based in Denver, CO. John had the unfortunate experience of having his identity stolen. Now he’s sharing valuable life lessons he’s learned from that experience.

His presentation discussed how easy it for thieves to steal your identity. Fortunately he also reassured how easy it is to help protect your identity. He thinks most people don’t protect themselves because they get the “deer in the headlight” look when thinking about technology. Taking a few simple steps can help prevent your identity from being easily stolen. Users should implement strong, easy to remember passwords on smartphones, computers, and every other device you use.  Home networks should be configured to deny outside traffic. This will prevent attackers from viewing your confidential data at home. People should also enable online account alerts for any systems that support it. This will alert the account holder to any suspected unauthorized activity.

Credit unions can “nudge” their members into using security mechanisms if they implement the security features by default. He believes most people will use the technology if it is already enabled.

Additional Highlights to help secure your data:

Privatize your browser, turn off cookies, turn off javascript, block websites, leverage parental controls, etc. Use different browsers for different services. Use a separate browser for financial services.

2 factor authentication/ 2 step login (something you know, something you have)

Password and a onetime code sent to smart device.

Thinks credit unions will be required to have this functionality in the next 5 years or so.

Make security training fun. Give small tidbits that employees and end users can relate to and easily understand.

Phishing and Smishing. Explained how to identify these social engineering attempts. Use the hover over technique. Hover your mouse over the hyperlink. Verify where the link is taking you.

He went on to discuss several recent security breaches and explained a few ideas of what you can do to help from being caught in the mix.

Randy Romes with CliftonLarsonAllen, LLP gave an exciting presentation about fraud and prevention strategies. Randy has some great real life stories from engagements he’s conducted over the years. Bringing a mix of video and photos to the presentation really brought home the reality of his work.

He explained why hackers want to target computer systems. Did you know that the cost of cybercrime is about 380 Billion dollars? The global black market for narcotics is 288 Billion dollars. Hackers are lazy and want to go after the “easy money”.

Randy went on to tell how credit unions can implement network security controls to do business safely. IT staff need to stay on top of emerging and continuing trends, learn and understand their Intrusion Analysis reports, and do more than basic blocking and tackling.

He provided several external links to security threat reports and hacking statistics. This is great information to learn about security events that have happened and what might be happening.

Email/SMS phishing, physical security, multi factor authentication, and client side vulnerabilities made for a very interesting conversation. Attendees were surprised to hear how easy it is to perform these attacks.

Randy concluded his presentation with several key things a credit union can do to mitigate risk. Strong policies, defined user access controls, vulnerability management, and having an incident response plan are just a few.

Twanda Baker with SAS presented the next topic of the day. The presentation was titled “Big Data: What should keep you up at night”.  She explained what “Big Data” is. Do you know? Big data is having data of such volume that you must resort to using technology outside of your comfort zone to derive intelligence for effective decision making.

She explained business analytics, visualization of those analytics, and “the sweet spot” areas for credit unions. She provided great examples and practical steps on how your credit union can make analytics work. Expand the use of business analytics where possible, deploy analytics on specific business processes, deploy the right technology, and hire/develop the right skill set are just a few examples.

The day concluded with a social event that gave everyone a chance to discuss the day’s presentations while enjoying a cocktail and some great food. Everyone we spoke with was excited about coming back for day 2.

David Miller is a Co-Founder and CTO/CFO of CUInsight.com, your one stop place for all things credit union.  He has been involved with the credit union community for 12 years. As a Partner in the company, David enjoys wearing many hats. He designs and implements new technologies for CUInsight.com. Additionally, he manages all accounting aspects of the business. David is a published technology author and speaks at credit union events around the country. www.cuinsight.com