Back to Basics: Solidifying Your Cybersecurity in 2019

No factor has played a bigger role in bolstering human social development than the emergence of technology. From James Watts’ steam engine to Steve Jobs’ iPhone, technological progress has allowed society to thrive and prosper in ways once thought unimaginable.

Innovators of today have created revolutionary technologies that make our everyday lives more efficient. However, these conveniences do not come without potential tradeoffs. Cyber criminals have made it their sole mission to steal, leverage and profit from sensitive information and data. In 2017 alone, there were over 159,000 cyber incidents reported, according to the Online Trust Alliance. Furthermore, the organization stated, “Since most incidents are not reported … the actual number of harmful incidents could easily exceed 350,000.”

Unfortunately, the days ahead don’t look much brighter. According to Juniper Research, over 146 billion personal and financial records will be stolen by 2023. So, should we all just turn in our smartphones and computers now to avoid this bleak, dystopian future?

No! Credit unions can implement holistic cybersecurity strategies that mitigate the probability of a cyber intrusion and lessen the impact if an attack is successful. The following basic steps will help credit unions lay the groundwork for a sophisticated cybersecurity plan that can better protect your organization and its members.

Train Your Employees

Let’s not pretend cybersecurity is simplistic, entertaining stuff because it inherently is not. Nonetheless, credit unions need to educate and train their employees about the relentless threats of cyber criminals and the potential impact an attack can have on their institutions. Annual trainings should be comprehensive and thorough to ensure your employees fully grasp the complex information.

According to Verizon’s 2018 Data Breach Investigation Report, “4% of the targets in any given phishing campaign will click” the link. Also, spear-phishing emails have been found to be “the number one infection vector” of targeted organizations, according to a Symantec report. Trainings must include examples of what common phishing emails look like and how they aim to trick employees. Furthermore, credit unions should use trainings as an opportunity to run through the reporting procedures for employees who have questions or think a cyberattack has happened. It is vital that employees not feel a stigma around reporting potential issues to your IT staff. For any cybersecurity strategy to be successful, employees must have the requisite training and knowledge necessary to spot, report and prevent cyber intrusions.

Ensure IT Staff Stays Informed

Credit unions must ensure that their IT staff stay up to date on technological innovations and cyberattack trends. As quickly as security systems are developed, cyber criminals create new methods to find and infiltrate vulnerability points. Consequently, significant resources should be invested in empowering IT staff with the information and tools necessary to combat cyberattacks. The more informed your IT staff, the more equipped they will be to keep the rest of your team aware and vigilant.

Run Cyberattack Drills

It is essential that cyberattack drills be run on a frequent basis. Drills should involve a variety of scenarios, a multi-tiered identification process, strategic responses and simulated media management. These drills allow credit unions the opportunity to judge their procedures and responsiveness in real time. Knowledge gathered will be instrumental in modifying and augmenting your policies to stop a true cyberattack in its tracks.

Spare No Expense

When analyzing reported breaches through Q3 2017, the Online Trust Alliance found that “93% [of the breaches] were avoidable.” The Ponemon Institute calculated “the average cost of a successful endpoint attack [on a company] total[ed] over $5 million in downtime, damages and loss of productivity.” By investing in and truly prioritizing cybersecurity, credit unions can prevent making such “avoidable” mistakes.

One of the investments that credit unions are turning to is an open-architecture core system, which provides the flexibility and agility to integrate the latest security systems. Making the proper cybersecurity investments will enable credit unions to spot intrusions quickly and decrease the chances of a successful attack.

Overall, credit unions need to be in a constant state of improvement when it comes to cybersecurity policies. Annual trainings have to include the newest information to keep employees educated and informed. IT staff should follow the latest trends to better protect the institution. Cyberattack drills should be run frequently and fully assessed to determine the strengths and weaknesses of your procedures and strategies. Also, credit unions must continue the trend of spending the necessary resources to protect their members’ data from ruthless cyber criminals. Ultimately, these basic steps can be the difference between an attack being stopped and an attack becoming a data breach catastrophe.

Roberto Endrizzi is Chief Technology Architect for DEDAGROUP ICT Network – International Division. He can be reached at 205-408-5300 or roberto.endrizzi@dedagroup.it.