Cybersecurity remains a top concern for credit unions in the digital age – the recent Equifax data breach underscores the necessity of preparedness should a security threat arise. There's really no excuse for a credit union to be without a plan should a hack occur.
Incident response is a two-fold process: preparation and response. If your credit union gets hacked, there are several things you need to do:
1. Get the right people together to make sound decisions. Smaller credit unions without a technical person on staff should contact their forensic investigator immediately. Involving the experts as quickly as possible is crucial, and you must assemble your response team before contacting members.
2. Don't panic. Panic will only cloud your judgement and make the situation worse. It's important for credit unions without a dedicated IT team to enlist an outside resource to help them draft an incident response plan. Being forced to react without a plan is not a position you want to be in, which is why it's wise to have an established plan in place so that you know exactly what to do if the worst should happen. Creating this strategy serves as a mental dry run for the real deal, and allows your credit union to go through a valuable exercise on what to do in the event of a crisis. Enlist a group of people with different viewpoints to draft the plan in order to generate new ideas and ensure all perspectives are taken into account.
3. Do not turn off infected computers. Malware that is installed by hackers often resides in the device's memory, so if you turn off the computer, researchers could lose valuable evidence. The damage has already been done – disconnect the computer from your network and the rest of the world, but leave it running. Some malware may even be programmed to do more damage on reboot should you try to cut power. If there is an active breach, there is no guarantee that the threat has or has not moved to another computer. However, if it hasn't, you can unplug the network cable to isolate the threat, preserve evidence and prevent it from spreading.
4. Implement your response plan. The response plan should have several different components, including phone numbers for all local, state and federal authorities (the NCUA, FBI and Secret Service). You also need to include contact information for forensic teams. Imagine if you were hacked today – who would you want coming to your credit union to help? Credit unions may want to work with a forensic team from the city in which they operate – the answer often depends on your location. Additionally, you should contact your insurance company, especially if you have purchased cyber insurance (hopefully you have). Finally, you likely will need to file notice of the breach with your state's attorney general if more than 500 members are affected. The timeframe for filing varies state by state.
5. Let your members know what happened. Members should be informed in two stages. The first stage is to contact members who have been affected – they need to know what happened and what information is at risk. The second stage is to contact members whose data likely hasn't been affected – it's still important for them to be aware of the issue and the steps the credit union is taking to protect members whose information may have been compromised. It's a good idea to have key messages ready with specific talking points for affected members, and be prepared to send them a notification letter. Keep in mind that you never want to communicate any speculation to people outside of the credit union – just the facts.
The bottom line: Every credit union needs to be prepared for a data breach. Cyber threats aren't going anywhere. With a solid plan in place and the right team, you can protect your members and their valuable data. Don't lose the trust of your membership by falling asleep at the wheel.
Steve Adwell is vice president of security and LAN/WAN for EPL, Inc. He can be reached at 205-408-5300 or [email protected].