As Credit Unions of every size – national, regional, and community based – increase the collection of customers’ personal and financial information, they become serious targets of cyber crime. As such, these unions are encouraged to understand that they are in a cyber security battle and must keep fighting cyber crime on all fronts.
A recent study by The Hartford indicates that mid-sized and smaller organizations have less sophisticated security controls and are therefore at greater risk. Some of the cyber security threats faced by these organizations include:
- Malware attacks
- Insider attacks
- Denial of Service attacks (DDoS)
- Data or system destruction and corruption, and
- Online credential theft and fraud
Protecting your Credit Union
The first step to protecting a Credit Union and any other financial organization from cyber crime is to establish a formal cyber threats plan and a resilience program.
The National Institute of Standards and Technology (NIST) Framework provides a simple template that small and mid-sized Credit Unions can follow to manage cyber risks. These best practices dwell on the need for early assessment and for proactively identifying and addressing complex data security issues before cyber events occur. According to the NIST framework, Credit Unions need to identify the following as their main objectives in the cyber security war:
- Response to, and
- Recovery from risk
In order to achieve these objectives, each institution must make deliberate efforts to identify, assess, and address relevant cyber threats.
- Identifying risk
Risk identification involves an attempt to fully understand the types of information and data the organization has and the potential cyber threats it faces. Additionally, the organization must understand the likelihood of attack from internal and external threats and the potential damage.
- Risk assessment
This step involves reviewing and creating information security policies to protect cyber assets while guarding against actual and potential cyber security threats. Monitoring and access control, encryption, and safe disposal of critical information are all covered here.
- Addressing cyber security threats
Finally, addressing cyber security threats refers to cyber preparedness and the development of various response protocols in case of an attack. It involves assessing the nature and scope of the incident, identifying what information has been compromised, promptly notifying federal regulators, containing the incident, and notifying affected customers (if necessary).
Details of these and more can be found on the NAFCU website.