The misuse of information by credit union insiders – whether it's accidental or intentional – has allowed hackers to infiltrate financial institution security defenses, costing the institutions some millions of dollars and putting members' personal identifiable information at risk.
These insider misuse cases, which include data breaches, abuses of privilege, malware intrusions, payment card skimming, money laundering, and unauthorized hardware and software use, can take months or years to discover.
"They're behind your firewall, getting all up in your data," Verizon's 2016 Data Breach Investigations Report stated. "They are often end users and they are comfortable exfiltrating data out in the open on the corporate LAN."
So just how big is the threat of insider fraud?
"In my opinion, it is a real threat," Gene Fredriksen, chief information security officer for the St. Petersburg, Fla.-based PSCU, said. "I spend a lot of time looking at intelligence, threat vectors, where things are happening, where fraud is happening. There is a big focus on leveraging insider people."
Eldon Sprickerhoff, chief security strategist at the Canadian cybersecurity firm eSentire, added, "Regardless of how big the company or financial institution is, I always recommend a must-have checklist to ensure they have cybersecurity essentials covered."
That checklist includes the following recommendations:
1. Recognize how most common successful attacks are initiated.
2. Publish an acceptable use policy.
3. Enforce a rigorous password policy.
4. Minimize the number of users with administrative privileges.
5. Ensure patching is up to date and done so in a timely manner.
6. Ensure all security infrastructure is updated and running properly.
7. Ensure backups are regularly performed (and tested).
8. Log system accesses, and regularly review and look for anomalies.
9. Perform regular vulnerability assessments.
10. Implement a continuous monitoring methodology.
11. Don't forget about physical security (such as locked doors and encryption).
Read a full account of internal fraud issues and solutions in the June 1, 2016 print issue of Credit Union Times.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
