BY TOM NECLERIO
Think your credit union has enough cyber security measures in place to render you soundproof. When it comes to vulnerabilities, you might be overlooking the obvious: your CU’s employees. Learn why phishing scams could have your team inadvertently opening your credit union to attack and how to prevent such threats with this trifecta of arsenal.
Data breaches and cyber security threatsat major financial institutions continue to make headlines, wreaking negative economic impact and causing significant reputational harm for victims. While these stories point to missed security steps or insecure data practices, the reality in cyber security is that a company’s employees can often be an overlooked point of vulnerability. Inmany cases, it isn’t an employee acting maliciously. Instead, it’s a simple user error that opens the floodgates for thieves.
The annual “Data Breach Investigations Report from Verizon” shows that employees open roughly one in four phishing e-mails that make it into their inboxes. The report also says that roughly 10 percent of recipients will open an attachment. For credit unions, many of which are unable to implement the expensive, cutting-edge cyber security technologies the big banks have in place, these numbers can be alarming. However, credit unions can use a combination of technology, employee education and ongoing testing to better identify and remediate the phishing threat.
To understand the challenge facing credit unions, it’s important to recognize exactly what a phishing scam is and what it’s meant to accomplish. Generally, phishing e-mails are malicious attempts to collect personal information and/or employee credentials that would give a thief access to the target’s network. Many credit union employees probably recognize that an e-mail from a Nigerian prince asking for their bank account information is a scam.