Prioritizing Data Security in the Era of E-commerce

If asked, “What keeps you up at night?” the majority of credit union executives may respond: Making headlines due to a security breach. Data security and mitigating cybersecurity risk remain top of mind for credit unions and the pandemic hasn’t changed that. In fact, the risks are increasing and expanding.

Where data is exchanged, there is risk of compromise. More time online means your members and staff alike are experiencing more opportunities for a hack or data breach. During the pandemic, shelter-in-place orders and health and safety concerns only increased consumer dependency on e-commerce. In fact, online shopping activity quadrupled during the pandemic from pre-pandemic numbers, according to a January 2021 report from PYMNTS and Elan. Mail delays and closed branches inspired more consumers to pay bills with digital tools. With these increased e-commerce and digital payment trends comes an increased exchange of data. As your members continue to shop online and make non-point-of-sale transactions, your financial institution should thoughtfully consider the impact these trends have on your institution’s security.

Proactively addressing cybersecurity concerns and threats starts with preventative measures for these three core groups: Your members, your employees and your vendors.

Here are three ways to help secure your organization’s data during the rise of e-commerce.

1. Teach Members How to Shop Safely

Educating members on how to safely utilize ecommerce is crucial to reducing and preventing breaches. Credit unions are collecting more data on members, but so are the places they shop. Online shopping isn’t going away anytime soon, so offering continuous education on data security will help them stay protected. Ultimately, remind members that while convenience is a nice-to-have, security of their information is a must-have.

Encourage members to:

• Always use a VPN when using a Wi-Fi network;
• Shop on secure websites that contain the lock icon next to the URL;
• Use a password vault software to securely store login information;
• Set up alerts for account login attempts; and
• Notify their financial institution directly if they suspect their information has been compromised.

2. Help Employees Understand Their Role in Data Security

Remote work, hybrid work, distracted work, resource deficits and overall changes in workplace environments are increasing data security threats toward credit union staff. Employees continue to be the first targets for phishing attacks leading to breaches. These threats point to the importance of routinely reminding staff of the role they play in your credit union’s cyber and data security.

Implement routine reminders to employees such as:

• Security awareness training that includes phishing modules;
• Examples of other credit union employees who have accurately identified data security breaches;
• How data entry errors can unknowingly lead to breaches; and
• Red flags to look for to stay cautious of potential attacks.

The emphasis on data security can easily get lost in day-to-day operations, but conveying a sense of ownership to employees can help them stay vigilant and observant toward cybersecurity threats.

3. Focus on Vendor Security and Protection

The vendors you choose can impact your institution’s data security, especially if your vendors also use fourth-party vendors. Each vendor is an ally but also presents a potential risk for credit unions. Ask questions of your current vendors, and source vendors with multiple solutions to reduce gateways for security risks. Ask your existing vendors questions like, “Are you regularly being audited based on a security framework?” and “Are you evaluating your third-party vendors to the same standards you are held?”

The more secure your vendors, the more secure your organization will be. You are as strong as your weakest link, and secure vendors will be a strength instead of a weakness. Additionally, vendors with proven risk management best practices and protocols may also be able to advise on data strategies your institution could implement or enhance.

Ensure Data Security With Proactive Practices

Cyber and data security concerns existed pre-pandemic. Now remote work, digital payments and changing consumer behaviors can impact your credit union’s ability to securely transfer data. Understanding these post-pandemic trends can help credit unions prioritize data security and proactively react to risks.

Data security starts with a culture of awareness and prevention at every level within your organization. Pair these preventative measures with rigorous vetting of vendors, member education and routine reminders to staff.

Data reaches far outside credit union walls. Educating employees and members alike, as well as checking in with vendors to confirm their data management best practices, will work to keep business and your members protected.

Joshua Gideon is the Manager of Audit, Risk and Compliance at Allied Solutions in Carmel, Ind.