Newsroom

The Federal Financial Institutions Examination Council yesterday released two statements informing financial institutions on ways they can identify and avoid cyberattacks that compromise user credentials or use malware and how institutions can prepare for and respond to such threats.

The FFIEC noted that cyberattacks over the past couple years have often involved the theft of credentials used by customers, employees and third-party vendors seeking to access a business' systems. It also said cyber criminals can install malware on systems through email attachments and via external devices such as USB drives; or by stealing credentials and placing the malware directly on the systems itself.

FFIEC encouraged financial institutions to "securely configure" systems and services and "review, update and test incident response and business continuity plans," among other things. The council also highlighted various resources with information on how to strengthen user safety regarding online practices.

The FFIEC includes representatives from the Federal Reserve Board, FDIC, NCUA, the Office of the Comptroller of the Currency, CFPB and the State Liaison Committee. NAFCU is working with its members to develop tools and resources for credit union cybersecurity.