5 Cyber Security Tips for Credit Unions

IT Management, Security

Securing systems, data and client funds must be a top priority for credit unions, says FutureRange Managing Director Michael Rooney.

Credit unions continue to become ever more reliant on complex IT systems. This often involves outsourcing arrangements with third parties. Combined with expanding branch networks, this has increased the operational risk profile of many credit unions.

Your overall control framework must fully address IT and cybersecurity issues. Credit unions must understand and keep abreast of a range of specific IT-related risks to which they are exposed. IT and cybersecurity are good examples of areas where effective risk management is fundamental to strengthen your operational resilience.

The European Digital Finance Strategy aims to ensure that participants in the financial system have the necessary safeguards in place to mitigate cyber risks. This package includes proposed regulations on Digital Operational Resilience in the financial services sector (DORA). Irrespective of the scope of these requirements, it will be important for credit unions to consider how these regulatory developments can inform effective risk management of IT/cyber risks1.

If your organisation is targeted, cyber crime can be very time-consuming and expensive to remediate. Between 2020 and 2021, the average cost of a ransomware attack more than doubled from €718, 583 to €1.75 million. And it’s not just the financial impact that you need to worry about—there is also potential reputation damage not to mention the time needed to remediate and restore systems. As of March 2021, the average time to restore after a ransomware attack stood at 23 days.

Among other risks, data breaches that target members could damage your credit union’s reputation, cyber security gaps could place members’ personal data and other sensitive information at risk while cyber attacks could result in operational downtime and revenue loss.

We have all received scam texts and phishing emails seeking to steal our personal or financial information. Other online threats include:

  • Ransomware is a type of malware that infects your computer network and other devices. Once infected, your data is locked and encrypted, making it unusable and inaccessible until a ransom payment is received.
  • Viruses are a form of malware which, when executed, replicate themselves and modify other computer programs to insert their own code.
  • Worms, like viruses, replicate themselves in order to spread across a network causing harm by destroying files and data.
  • Trojans can be used to steal financial information or install ransomware. These are one of the most dangerous forms of malware and are often disguised as legitimate software.
  • Keyloggers record keystrokes on your keyboard and send sensitive information such as credit card details, passwords and other user credentials to a cybercriminals.
  • Spyware is malicious software designed to enter your device, gather your information, and forward it to a third-party without your consent. This software is used to profit from stolen data.
Five Cyber Security tips for Credit Unions

Protecting your credit union and members means ensuring that the right culture, systems and staff training are in place and that you know how to react and what steps to take if your network and systems are compromised.

There are also some simple, practical measures that will help to keep your organisation safe. These include:

  1. Ensure all user accounts use multi-factor authentication. Users should never use work credentials on public Wi-Fi networks. Remember that while your local office firewall will help keep threats out of your business network, it is powerless to protect an employee’s work smartphone when they’re traveling.
  2. Protect yourself from malware by using anti-malware software.
  3. Keep devices and software up to date. (Manufacturers typically release regular updates that not only improve the software but also fix or ‘patch’ any discovered vulnerabilities)
  4. Access to data and services should be on a ‘need-to-know’ basis with ‘access denied’ as the default option. This will help reduce the scope for a breach.
  5. Include a technology audit in your annual audit and internal audit
Ask for help

Accessing the necessary skills to implement effective cyber security can be a challenge, particularly as there is intense competition in the labour market for highly skilled IT workers. If your team requires assistance, FutureRange can develop and implement appropriate solutions and even lay out a recovery plan for possible attacks. We continuously monitor cyber security trends and provide practical support enabling our clients to take the necessary steps to cope with evolving threats.

 

Some related posts

New Enterprise Ireland Grant for Cyber Security

Strengthen Your Defences: Enterprise Ireland Grant and 6 Essential Steps to Boost Cybersecurity

The Importance of Penetration Testing