The Importance of Authentication for Cybersecurity Defense
CSI survey finds 25% of CU members think it’s OK to reuse a password for an online bank account.
Throughout the pandemic, the financial industry has been a prime target for cyberattacks as credit unions accelerated their digital transformation initiatives. Credit unions have strengthened their cybersecurity defenses through a variety of strategies, including the implementation of cybersecurity monitoring solutions. However, the best defenses are only as strong as their weakest link, and a common vulnerability is the actions of members.
Despite cyberattacks becoming more frequent and sophisticated, Americans are increasingly lenient with their cybersecurity practices. According to CSI’s recent cybersecurity survey, 30% of Americans believe it is OK to use the same password for an online bank account that they use for other online accounts, representing an increase of six percentage points from 2019 (24%). Further, 43% of consumers ages 18-44 believe this to be true, as well as 25% of credit union members.
These results emphasize the need for credit unions to educate their members on the importance of password security. As the financial industry continues to digitize, credit unions must make member education the foundation of their cybersecurity strategy.
Password Security Measures
In the financial industry, passwords should serve as the first line of defense for credit unions and members alike. However, members who reuse passwords can do more harm than good in the fight against cybercrime. If a criminal obtains a member’s password on the dark web, they can use this information to launch credential stuffing attacks: automated attacks in which the stolen usernames and passwords are tried on other sites in an attempt to gain access to member accounts.
According to a global report, there were 3.4 billion credential stuffing attacks in the financial industry in 2020, representing a 45% year-over-year increase. A member who uses the same password across multiple accounts increases the opportunity for cybercriminals to hack their online bank account.
Additionally, credit unions must emphasize the importance of creating strong passwords. Accounts that hold critical data, such as bank accounts, should have a stronger password. Members should avoid creating passwords that can easily be guessed, such as birthdays, family members’ names or home addresses. To increase defenses, members should create passwords with at least 15 characters, use phrases or even full punctuated sentences and change the password if evidence of compromise exists.
While password security measures are vital in the fight against cybercrime, credit unions can take their strategy a step further by providing multi-factor authentication (MFA) technology for members.
Enabling Multi-Factor Authentication
As members’ needs continue to evolve, credit unions are tasked with creating a secure and seamless banking experience. However, current authentication methods, such as passwords, have failed to meet both expectations. Credit unions striving to add an extra layer of security to their network without compromising the banking experience should provide and promote MFA to their members.
MFA requires multiple credentials to verify a user’s identity, making it difficult for cybercriminals to obtain unauthorized account access by cracking or obtaining a password. The technology prompts users to verify their identity a second time by entering a PIN, answering a security question or using biometric authentication. Through the implementation of MFA, credit unions can provide members with authentication choices to meet their evolving needs while removing the risk of weak passwords. According to Microsoft, MFA can help prevent more than 99% of account attacks, making the technology one of the most effective ways to improve cybersecurity measures.
Member Education Is Key
As Americans become desensitized to the risks of security breaches, it is imperative for credit unions to reinforce to members the importance of establishing secure passwords and enabling MFA. Moving forward, empowering members with information through cybersecurity awareness campaigns should be the first step in a credit union’s fight against cybercrime.
However, credit unions must be strategic in their approach to capture their members’ attention:
- Tailor your campaign: Create campaigns to reach different groups of members based on age, work schedules, etc.
- Embrace creativity: Think creatively about how best to communicate with members and deliver a compelling message.
- Go digital: Leverage digital channels to reach a broader audience; don’t limit the scope of your message to physical locations.
- Provide actionable tips: Inspire confidence in your credit union and motivate members through actionable tips, such as best practices for creating strong passwords.
Credit unions that provide valuable education and promote good password hygiene will mitigate cybersecurity risks for members while increasing the potential for new business through knowledge sharing. As new threats continue to emerge, credit unions must embrace a layered approach to cybersecurity, incorporating both member education and cybersecurity monitoring solutions into their strategy. By doing so, credit unions will strengthen the resilience of their network and keep members safe.
Sean Martin is a product manager for Computer Services, Inc. (CSI) Managed Services, a division of CSI, a Paducah, Ky.-based fintech, regtech and cybersecurity company.