Keeping a credit union's data safe should be a top priority
About two years ago, a small, rural-based credit union received a call from the Federal Bureau of Investigation (FBI) letting them know they had been hacked.
The credit union had fewer than a dozen computers tethered to a network managed by a third-party vendor. Officials were informed that an employee had fallen for a phishing scam and opened a malicious link in an unsolicited email. The malware behind that link quietly unleashed code to remotely comb through computer files. As it turned out, little rummaging was required: the credit union employee’s desktop included an unencrypted Word file with all the passwords needed for daily functions. A subsequent inspection also showed that key servers were exposed to malware when employees used them for general functions such as web browsing and email.
“Unfortunately, these scenarios are low-hanging fruit for attackers,” says Tom Tollerton, CISSP, CISA, QSA, who is senior manager for the IT Advisory–Cybersecurity group at Dixon Hughes Goodman LLP in Charlotte, N.C. “Lack of threat awareness, poor decisions and unsecured systems make easy targets and can severely increase the likelihood of a compromise of members’ data security.”
From the May-June 2018 edition of The NAFCU Journal magazine.