ATTENTION ONLINE CREDIT UNIONS

Cybersecurity has become an increasingly important subject for financial institutions to invest in and a key component of any successful information security program along with active participation from credit union executives and board members.  Julie Gessner, VP of CMS Sales, recently interviewed key staff at CU*Answers to get their input on hot topics relating to cybersecurity.

Protecting Your Credit Union and Your Members from Malware

What is Malware and what are measures I can take to protect my credit union and my members?

Malware is one of the most significant threats facing your organization today.  Malware is any software running on a system that performs malicious actions and can do many things such as encrypt or delete your data, exfiltrate information to an attacker, spy on activities, record keystrokes, and provide a backdoor for the attacker to remotely access your network.

So much malware is being written today that the traditional antivirus alone cannot keep up.  Effective protection against malware requires many of layers.  First, using up-to-date endpoint protection solution that is properly configured.  Second, staff should be trained not to click on links or open attachments and unexpected emails.  Third, using anti-malware software that works based on the behavior of the software.  Fourth, an up-to-date patching of applications and operating systems that are connected to your network.  Finally, identification and prevention of network traffic to malicious locations on the Internet. – Matt Sawtell

What do examiners expect from credit unions?

As a result of requests from examiners, the business impact analysis (BIA) is used to identify and prioritize business functions and the technology that supports them.  For each function, a maximum allowable downtime value is determined based on the loss to the organization in the event of a disruption. – Jim Lawrence

What else can I do to protect my members?

Require your members to authenticate.  Authentication is providing proof that a person actually is who they say they are.  Typically, this is done by providing a username and a password. – Dave Wordhouse

Consider multi-factor authentication.  Usernames and passwords can be easily guessed or stolen.  With multi-factor authentication, you have to provide some other proof of your identity besides just a password.  Other valid forms include biometrics such as a fingerprint, or something unique you have like a token.  Combining a password with another form of authentication provides for strong security. – Matt Sawtell

Examine who has access to what; review who should and who shouldn’t have access to a particular computer system or physical area. – Patrick Sickels

Stay tuned for more tips on cybersecurity awareness throughout the month of October!

If you have any questions or would like additional information on cybersecurity options available to your credit union, please reach out to us via email at: info@advantagecio.com