How well-defended against security breaches is your credit union – or your bank? Frankly, you probably don’t know, as reporting regulations vary from state to state, and if you live where breaches are not required to be disclosed through channels that are part of the public record, you may not find out until the financial institution acts to repair the damage.
Of course, as a scan of the headlines will tell you, most security breaches occur outside of the financial sector, as retailers and educational institutions have far lighter legal dictates in place for how their data is maintained, and at least 50% of catastrophic breaches come from these two areas. However, the effects of these trickle down to the level of your credit union – according to a recent survey completed by the National Association of Federal Credit Unions, the recent Target stores breach cost the average institution $45,000 in fraudulent activities, and compromised as many as 110 million debit and credit card accounts.
However, in the “always on,” internet-connected world we live in, direct threats to financial institutions are constantly gaining in sophistication, with criminal organizations even producing hacking kits to sell to those wanting to get at your money. Sadly, little has changed from when notorious bank robber Willie Sutton was quoted replying, when asked why he robbed banks: “because that’s where the money is.” With ever-increasing technology, hacking into the vault will have its appeal among thieves.
You have likely heard of the malicious Heartbleed Malware that was recently exposed to the public. The reported effects of this malware are still in the early stages; many experts believe that credit unions are not significantly impacted directly, but that technologies they use could expose private client data.
Much of the cyber-crime out there is practiced on an individual basis, with often intricate “social engineering” scams to extract personal and account information from the unsuspecting, and even those who should know better. The bigger the prize, however, the more it will draw attacks, and it is not uncommon to have dozens of unsuccessful cyber intrusions for every one that finds its way into the news, with the frequency increasing every year.
Bills are pending in Congress to help tighten up the rules under which retailers and other vendors operate, including the Data Security Act of 2014 under which “any business experiencing a data breach would be required to investigate the scope of the breach and report all findings to appropriate government agencies”, and the Personal Data Protection and Breach Accountability Act “designed to deter preventable breaches, minimize consumer damage and facilitate information sharing between the federal government, law enforcement and the private sector.”
Of course, credit unions, operating under the Federal Reserve Board’s “Regulation E” electronic transactions guidelines, offer significant protections to consumer accounts, although business accounts may have to depend more on new FFIEC (Federal Financial Institutions Examination Council) supervision which assists in defensive security measures. It is a sobering thought, though, that some reports indicate that as much as 80% of credit union breaches are “inside jobs.” One industry spokesman noted: “The bad guys are now using advanced threats to steal credentials and pose as employees, and once on the network, they look the same as good guys.”
What can you do?
One of the best options for the credit union market, aside from specific IT-related defenses, is to implement a full-scope enterprise document management solution such as Contentverse. Putting a system of this sort in place enables the organization to have fine-grained access control over its documentation, and to minimize the amount of “sensitive” paper that’s available. Coupled with dual-layer, 128-bit encryption, most operations can narrow their windows of vulnerability and avoid security breaches simply by going with an ECM package.
One of the noted breaches involving a credit union in recent years was the 2011 Pentagon Federal Credit Union case, where a laptop with access to the institution’s files was hacked (possibly via a downloaded game), highlighting the need for detailed security protocols involving system-integrated mobile tech. Because credit unions tend to be smaller than banks, they are faced with issues of scale. Although a neighborhood storefront of a big bank is likely to have all the corporate security elements in place and defending its accounts, a small free-standing credit union will probably have to fend for itself.