By: Gene Fredriksen, Security Strategy Consultant
October is Cybersecurity Awareness Month, a month dedicated to helping bring awareness to the importance of protecting yourself from online threats. This year’s theme is “See Yourself in Cyber,” reinforcing that cybersecurity is important for all people, across all channels.
Knowing the importance of being secure in any digital format is critical, especially with so many aspects of our professional and personal lives online. The Department of Homeland Security reports that:
- 600,000 Facebook accounts are hacked every single day.
- Forty-seven percent of American adults have had their personal information made public by cybercriminals.
- One in three homes with computers is infected with malicious software.
As such, Cybersecurity Awareness Month is a great opportunity to launch or promote educational awareness campaigns to remind your employees and members about the importance of protecting both credit union and personal data. This month can also be a timely reminder to reflect upon the effectiveness of your credit union’s cybersecurity measures.
Cybersecurity Fundamentals for Your Credit Union
It is imperative to work alongside your employees to help raise their cybersecurity awareness and aid them in identifying the telltale signs of an attack. Proper cybersecurity solutions can detect the most sophisticated attacks; when combined with existing security training programs, they help ensure that employees can combat hackers more effectively. Here are a few touchpoints to keep in mind:
- Strong authentication should be enabled. Check with your IT department to see if stronger authentication protocols can be established. Your employees’ passwords can be made more secure by using two-step authentication – protecting their accounts and your credit union’s data even if an employee password is stolen.
- Make solid and lengthy passwords. A password that is at least 12 characters long is vital. Using a passphrase – a password that is longer and stronger, yet easier to remember than complex shorter passwords – makes this process simpler. Encourage employees to set a different password or passphrase for every account.
- Keep your software updated. Producers and software developers often fix security flaws in their products, but these fixes only take effect after applying them. Remind your employees to keep up with notifications for updates awaiting installation on their computer and mobile devices. Consider having your IT department set up security updates that can be pushed out to employees’ computers and automatically installed, as well as ensuring that your employees are aware of how to set up their phones and apps to meet the proper level of security required by your credit union.
- Provide regular security awareness training. Offering regular education and training opportunities to keep employees up to date on the latest cybersecurity scams and hacks is critical.
Remind Members to Share with Care on Social Media
Cybersecurity Awareness Month is also the perfect opportunity to share educational cybersecurity materials with your members. Here are some tips for your members to keep in mind before posting, sharing or sending:
- Don’t post anything on social media that could help cybercriminals to steal your identity. Be cautious about including your full name, and never post personally identifiable information (PII) like your Social Security number, address, birthdate, phone number or place of birth.
- Don’t share your location. Many social media sites allow you to “check in” at locations or add your location to images and posts. While it’s fun to post vacation pictures in real time, it’s a clear message to bad actors that there is no one home.
- Don’t post questionable content. There is no “delete” key on the internet. Remember that prospective employers might check your social media sites before hiring you. Pictures, videos and posts with your opinions that make you appear unprofessional or cruel may harm your reputation or prospects for the future.
Beware of Phishing
Additionally, an important message to share with both your employees and members alike concerns the dangers of phishing. Phishing attempts happen daily, and links in social media posts and email that look to be from a trusted sender are often how cybercriminals trick people into being compromised. Avoid the traps set by cybercriminals. If a link or attachment looks suspicious, even if you know the source, confirm before clicking. Outsmart phishing attempts – stop, think and check before clicking on links.
Cybercrime can be daunting to combat, but it should remain a priority. The National Credit Union Administration (NCUA) maintains a webpage with cybersecurity resources for credit unions with important information about protecting themselves and their members from cyber threats. If you need additional help in your cybersecurity readiness, consider partnering with a fintech or credit union service organization (CUSO), as they often have the technology and resources necessary. Cyberattacks can greatly affect our offline lives and it is important to be prepared and stay vigilant.
Gene Fredriksen is a co-founder and current executive director of the National Credit Union ISAO and the principal cybersecurity consultant with PureIT CUSO. He has previously held the positions of CISO for PSCU, Global CISO for Tyco International, principal consultant for security and risk management strategies for Burton Group, vice president of technology risk management and chief security officer for Raymond James Financial, and information security manager for American Family Insurance.
Fredriksen served as the chair of the security and risk assessment steering committee for BITS, and also served on the R&D committee for the financial services sector steering committee of the Department of Homeland Security. He also served as an advisor on various cybersecurity steering committees for the administrations of George W. Bush, Bill Clinton and Donald Trump, assisting in the preparation of the president’s Cybersecurity Position Paper.
