Securing systems, data and client funds must be a top priority for credit unions, says FutureRange Managing Director Michael Rooney.
Credit unions, like other financial institutions, are a potentially lucrative target for cyber criminals because of the sensitive client information and funds that they hold. Yet, many appear insufficiently aware of the potential risks—and costs—of falling victim to cyber crime.
If your organisation is targeted, cyber crime can be very time-consuming and expensive to remediate. Between 2020 and 2021, the average cost of a ransomware attack more than doubled from €718, 583 to €1.75 million. And it’s not just the financial impact that you need to worry about—there is also potential reputation damage not to mention the time needed to remediate and restore systems. As of March 2021, the average time to restore after a ransomware attack stood at 23 days.
Cyber threat landscape
In Ireland, as elsewhere, the online banking and financial services landscape is rapidly evolving. Technology is a key enabler of change bringing new opportunities and benefits for organisations and their customers. However, it also creates opportunities for crime.
Among other risks, data breaches that target members could damage your credit union’s reputation, cyber security gaps could place members’ personal data and other sensitive information at risk while cyber attacks could result in operational downtime and revenue loss.
We have all received scam texts and phishing emails seeking to steal our personal or financial information. Other online threats include:
- Ransomware is a type of malware that infects your computer network and other devices. Once infected, your data is locked and encrypted, making it unusable and inaccessible until a ransom payment is received.
- Viruses are a form of malware which, when executed, replicate themselves and modify other computer programs to insert their own code.
- Worms, like viruses, replicate themselves in order to spread across a network causing harm by destroying files and data.
- Trojans can be used to steal financial information or install ransomware. These are one of the most dangerous forms of malware and are often disguised as legitimate software.
- Keyloggers record keystrokes on your keyboard and send sensitive information such as credit card details, passwords and other user credentials to a cybercriminals.
- Spyware is malicious software designed to enter your device, gather your information, and forward it to a third-party without your consent. This software is used to profit from stolen data.
Five Cyber Security tips for Credit Unions
Protecting your credit union and members means ensuring that the right culture, systems and staff training are in place and that you know how to react and what steps to take if your network and systems are compromised.
There are also some simple, practical measures that will help to keep your organisation safe. These include:
- Ensure all user accounts use multi-factor authentication. Users should never use work credentials on public Wi-Fi networks. Remember that while your local office firewall will help keep threats out of your business network, it is powerless to protect an employee’s work smartphone when they’re traveling.
- Protect yourself from malware by using anti-malware software.
- Keep devices and software up to date. (Manufacturers typically release regular updates that not only improve the software but also fix or ‘patch’ any discovered vulnerabilities)
- Access to data and services should be on a ‘need-to-know’ basis with ‘access denied’ as the default option. This will help reduce the scope for a breach.
- Include a technology audit in your annual audit and internal audit
Ask for help
Accessing the necessary skills to implement effective cyber security can be a challenge, particularly as there is intense competition in the labour market for highly skilled IT workers. If your team requires assistance, FutureRange can develop and implement appropriate solutions and even lay out a recovery plan for possible attacks. We continuously monitor cyber security trends and provide practical support enabling our clients to take the necessary steps to cope with evolving threats.