NAFCU Services Blog

October is National Cybersecurity Awareness Month which means it’s an excellent time to make sure there aren’t any unseen forces within your credit union that have nefarious plans for your members’ money.

Earlier this year, Wired Magazine wrote about the biggest cybersecurity threats for 2015. Three of these are indeed scary prospects for the credit union industry, but the key is to make sure you are doing everything you can to prevent these scenarios:

• Data Destruction: Malware exists that erases data and boot records, so it is vitally important to make sure you have an excellent data backup plan.
• Bank Card Breaches: This is a threat that isn’t going away any time soon, so it is important to be moving towards tokenization technologies to prevent this. NAFCU has partnered with MasterCard to help credit unions move towards this. For more information you can check out this webinar from earlier this year here.
• Third Party Breaches: The data breach at Target stores is an excellent example of why you need a strong Third Party Risk Management Plan. For more information on this, check our recent webinar or blog posts here or here.

The costs of cyber threats are no joke to financial institutions big or small. According to the National Small Business Association, 44 percent of small businesses have been the victims of a cyber-attack. Clearly, it is worth the investment to review how sound your security is. The following tips from the Department of Homeland Security are an excellent place to start.

Cyberattack Prevention Tips and Practices

• Have a plan. According to staysafeonline.org, 59% of small and medium size businesses in the United States do not have a plan that outlines procedures for responding and reporting data breach losses.  A number of these plans are covered in various compliance frameworks that may already exist, but as shelf ware.  If this describes you, now is the time to formulate both short and long term plans.
• Utilize the latest software. Make sure you have antivirus and antispywear and update it regularly.
• Educate. Make sure that all of your employees are aware of cyber threats and educate them on the steps they must take to help combat these attacks.
• Invest in data loss protection software, use encryption technologies to protect data in transit, and use two-factor authentication where possible.
• Passwords. Use strong passwords throughout your organization and have employees change them regularly.

Who Should You Call?

What should you do if you’re unsure if your organization is prepared to navigate this threat landscape? If you are not sure where your cyber security threats may lie or even where you should be looking, consider going to an outside vendor. NAFCU and Knowledge Consulting Group (KCG) have partnered to provide comprehensive cybersecurity solutions.

KCG provides expert services in penetration testing and cybersecurity advisory services. Their tests offer simulation of potential attack vectors and scenarios most likely to impact the overall credit union environment, from IT systems to social engineering. They provide risk management, governance, operations, and compliance services to help credit unions navigate the complexities of the evolving cybersecurity landscape.

So take an inventory of your practices, make a plan, and evaluate where your weak spots are.

Knowledge Consulting Group is a subsidiary of ManTech International. For more detailed information on penetration testing or cybersecurity advisory services, visit KCG’s preferred partner page.