Cyber Security: The War on Credit Unions

As Credit Unions of every size – national, regional, and community based – increase the collection of customers’ personal and financial information, they become serious targets of cyber crime. As such these unions are encouraged to understand that they are in a cyber security battle and must keep fighting the vice on all fronts.

A recent study by the Hartford indicates that middle and smaller organizations have less sophisticated security controls and are therefore at a greater risk. Some of the cyber security threats faced by these organizations include;

  • Hacking
  • Malware attacks
  • Insider attacks
  • Ransomware
  • Denial of Service attacks (DDOS)
  • Data or system destruction and corruption, and
  • Online credential theft and fraud

Protecting your Credit Union

The first step to protecting a Credit Union and any other financial organization from cyber crime is to establish a formal cyber threats plan and a resilience program.

The National Institute of Standards and Technology (NIST) Framework creates a simple template that these small and middle sized Credit Unions can follow to manage cyber risks. These best practices dwell on the need for early assessment and proactive identification and address of complex data security issues before cyber events occur.  According to the NIST framework, Credit Unions need to identify the following as their main objectives in the cyber security war;

  • Identification
  • Protection
  • Detection
  • Transfer
  • Response to, and
  • Recovery from risk

In order to achieve these objectives, each institution must make deliberate efforts to identify, assess, and address relevant cyber threats.

  • Identifying risk

Risk identification involves an attempt to fully understand the types of information and data the organization has and the potential cyber threats it faces. Additionally, the organization must understand the likelihood of attack through internal and external threats and the potential damage.

  • Risk assessment

This step involves reviewing and creating information security policies to protect cyber assets while guarding against actual and potential cyber security threats. Monitoring and access control, encryption, and safe disposal of critical information are all covered here.

  • Addressing cyber security threats

Finally, addressing cyber security threats refers to cyber preparedness and the development of various response protocols in case of an attack. It involves; assessing the nature and scope of the incident, identifying what information has been compromised, prompt notification of federal regulators, containing the incident, and notification of affected customers (if necessary).

Details of these and more can be found on the NAFCU website.

 

Introducing iSheriff Cloud Security

Subscribe to Email Updates

About iSheriff

iSheriff is the leading provider of content and endpoint security from the cloud. We keep organizations and individuals safe from cybercrime, malware and digital threats. Thousands of businesses across a wide array of industries have deployed our solutions, including some of the most sophisticated buyers of security technology worldwide.