Cybersecurity for Credit Unions
As the world shifts from face-to-face to face-to-mask or face-to-screen, businesses are adapting. Credit unions must continue to provide vital financial services to their members during the unprecedented economic and health crisis. The digital infrastructure that underpins a company is under constant threat from threat actors. For credit unions, the threat could take any form, from phishing customers to data breaches.
Scott Croskey was the guest on a podcast put on by the Credit Union National Association (CUNA). The title of the episode was Top Cybersecurity Threats. The episode covered the threat landscape and how credit unions can stay secure. Here is an overview of what was discussed.
Conduct Due Diligence on Third Parties
We recommend that credit unions focus on oversight and vendor management for their critical third parties. Due diligence can go a long way in ensuring your vendors and merchants have a proper cybersecurity program in place. You can start by asking them to fill out a security survey periodically, or you can rely on third-party attestation reports such as AICPA Service Organization Control (SOC) 2 Type 2 reports. In a SOC 2 report, an independent auditor comes into the organization and reviews its cybersecurity and business continuity to ensure they are adequately designed.
Be Aware of Phishing and Ransomware
Ransomware and email phishing attacks remain at all-time high levels as criminal organizations use the Internet to profit through illegal activity. Typically, ransomware is delivered through email phishing, and there are inadequate security controls in place to stop it. COVID-19 themed ransomware has been used as a hook for phishing emails. With a remote workforce, email has become more important.
Data Breaches and Credit Unions
Many credit unions are migrating to the cloud. As your credit union or its third parties consider migrating some of their information systems to a cloud service provider, the bad guys are switching their tactics to follow suit. They are picking apart vulnerabilities to exploit. Both the cloud provider and the customer have a responsibility. This dynamic is known as the Shared Responsibility Model.
Internal mistakes can also lead to disaster. Unfortunately, we've seen that over half of last year's data breaches were attributed to a company that did not properly secure its cloud environment.
Ensure Mobile Apps for Credit Unions Are Secure
If your credit union offers members the ability to access their accounts through a mobile application, you should check with the application developer to ensure that they are following proper Software Development Life Cycle practices and are taking security into consideration when developing the application. Because of the sensitivity of the data that members could access through mobile applications, we highly recommend that credit unions use third-party security companies to conduct routine security audits of the developer or conduct a source code analysis of the application before it is published.
Protection with CipherBox
Managed Detection and Response (MDR) services are a great fit for credit unions looking to step up their cyber posture rapidly. Cipher offers one such MDR service, called CipherBox. MDR is a turnkey analytic solution that deploys sensors to monitor and detect risks to your computer networks and cloud environments. Once risks are detected, our security operations team conducts response activities and works with our customers to contain and eradicate the threat.