Use business continuity planning to prepare your CU for a cyberattack

What happens to a credit union following a cyberattack? Traditionally, loss of member data, direct theft from accounts, regulatory scrutiny and the requirement of refunding members’ money or replacing cards are some of the most common aftereffects.

But an even more worrisome cyberattack effect is the disruption to business continuity and inaccessibility of online banking, mobile banking and ATM networks. In fact, a disruption to service could potentially affect credit unions even more dramatically than would a data breach.

So, just as a credit union plans for business continuity related to natural disasters, it also should prepare specific plans for responding to a cyberattack. A business continuity plan provides an organization with appropriate instructions and procedures as a response to a disaster. Such continuity plans cover the areas of assets, human resources, notifications to business partners and the management of business processes.

It’s important to note that a successful cyberattack disaster recovery plan is regularly updated and tested by all relevant employees. In order to minimize downtime, two questions should be addressed when building a business continuity plan specific to cybercrime.

How Good Are Your Data Back-ups?

In the case of a breach, credit unions must ensure that their data is protected and backed up regularly. A robust back-up protocol ensures access to vital data in the event of an attack that shuts down the member database or locks access to transactions or accounts.

As part of the planning process, credit union executives must confirm that their back-up process is run often enough to protect the institution, and can come to the rescue when the regular system is compromised. Finally, credit unions must verify with the back-up vendor that the process operates as expected.

In addition to verifying that all data is backed up, credit unions should regularly test the back-up restoration process to ensure it works effectively. They also should work with their back-up provider to ensure the back-up data is secure and that there is minimal risk that it could be corrupted or accessed.

Does Your Overall Business Continuity Plan Incorporate Cybersecurity?

While many business continuity plans are centered on events like natural disasters, cyberattacks are becoming an even greater risk. Even if an attack does not compromise member data, as would be the case with hackers shutting down the online banking server with a DDoS attack, any attack can cause damage.

To prepare for such instances, it is vital that credit unions compile an incident response protocol, which trains employees on what to look for as well as the steps to take when a potentially damaging attack has been identified.

Tyler Leet

Tyler Leet is director of Risk and Compliance Services for CSI Regulatory Compliance, a role in which he oversees the development and maintenance of the risk and compliance-related services that ... Web: www.csiweb.com