Cybersecurity has become an increasingly important subject for financial institutions to invest in. It is a key component of any successful information security program, along with active participation from credit union executives and board members. Julie Gessner, VP of CMS Sales, recently interviewed key staff at CU*Answers to get their input on hot topics relating to cybersecurity.

Mitigating Risks from Cyber-attacks

What types of cyber-attacks should I be aware of and how do I mitigate risk?

Denial of Service. If I siphon the gas out of your car, you’re stuck and mad – I’ve just denied you the ability to drive your car. In a similar way, an attacker can perform actions that prevent you or your members from using an application like home banking. Networks can be built using technologies that try to shun these attacks. However, to protect against an overwhelming flood of traffic, partnering with your ISP or a trusted third party specializing in DoS protection is necessary. – Dave Wordhouse

External dependency management is the process of reviewing how an organization connects to third parties.  This includes evaluating the controls the third party has in place to protect information. – Patrick Sickels

Attacks can occur as a result of a single point of failure, or SPF. SPF is any part of a system that, if it should fail, can bring down the entire system. Examples of SPF include servers with a single hard drive, offices with a single source of power, and networks with a single internet connection. – Jim Lawrence

Be aware of your policy for BYOD (bring your own device).  It has become increasingly common for organizations to allow employees to connect their personal devices to a corporate network.  BYOD is first and foremost a policy decision that the business should consider.  There may be productivity improvements but there are also risks.  Things to consider include: will the flow of information be controlled, how will it be protected, and what information is permitted on an employee’s device and what is not?  BYOD should start first with a business analysis, then a risk assessment followed by a written policy.  The technical systems can be introduced to allow secure BYOD; notice that the technical systems come last in this process. – Matt Sawtell

Not a day goes by when social engineering attacks are not in the news.  Social engineering is playing the con, attempting to trick employees into giving away information or access that the bad actor should not have access to.  Your defense against social engineering starts with employee training.  Educate your staff on permissible actions and what they should do if they think they made a mistake. – Dave Wordhouse

Stay tuned for more tips on cybersecurity awareness throughout the month of October!

If you have any questions or would like additional information on cybersecurity options available to your credit union, please reach out to us via email at: