%20formatted-1.png?width=2528&height=739&name=SIGNiX%20Logo%20Main%20(white)%20formatted-1.png)
As a consultant focusing on security, I often field questions on which products perform better than others, in particular, anti-virus. Every credit union has a form of an antivirus solution both expensive and inexpensive. Some credit unions have more than one on different layers of their network in efforts of implementing multiple layers of security. However many underestimate the most effective solution.
Employees are the credit unions’ first line of defense. The criminals understand the inherent flaws in human nature, and they prey on it. Flaws include being trusting, courteous, social, curious, fear of authority, desire to help and wanting to be liked. I believe these attributes are more apparent in our industry because of the service-oriented model of credit unions.
Much like antivirus solutions, firewalls, and intrusion prevention systems, employees also need to be updated on the newest methods of attack to foil the ‘bad guys’ from obtaining the credit union’s confidential information. Attacks like phishing, spear-phishing, whaling, website spoofing, and ext. can be thwarted by training employees on current methods of attack. Some training tips include, but are not limited to:
- When in doubt of a link, type it out
- Be suspicious without losing positive member service
- Prior to visiting unfamiliar websites, check reviews
- New scams and methods for attack
- Social Engineering
- Learn to spot criminals pretexting to divulge insignificant data – info may be significant to thieves bypassing multi layered authentication
- Don’t give phone extensions or e-mail addresses out.
- Train cleaning crew on social engineering attacks
- Be aware of connecting ‘freebies’ or items found to your PC (i.e. USB drives/CDs/Keyboards)
- Share stories with other credit unions
- Place Google Alert on you and your credit union (google.com/alerts)
- Test/assess the security posture. Use even the bad test results in a positive way when training
- Leverage training and compliance by training employees on your risked based Information Security Policy & Program per NCUA Regulation 748 Appendix A
- Develop a member education program in line with FFIEC’s guidance on multifactor authentication
There is a direct relation to a sound security posture and frequent employee training. So, it is important for your credit union to deploy your credit union’s best asset, employees. Get the employees engaged and tap into their creativity. Ask employees to think of unique ways to breach the credit union, and then update security procedures and training accordingly.
By Idrees Rafiq, Jr., AVP IT Consulting, Credit Union Resources, Inc.
