Better Together: Preventing Cybersecurity Issues and Fraud
Posted by Jennifer Johnson on November 14, 2023
“Something just seemed off.”
From texts stating an account was temporarily locked to emails from trusted companies about a fraudulent charge, scammers use a variety of methods to take advantage of unsuspecting members. And inevitably, a victim says they had an initial sense that something wasn’t quite right.
As we enter the holiday season, members are even more vulnerable to attacks. However, credit unions have a variety of methods they can deploy to keep members safe and prevent future security breaches. Jennifer Anthony, Vice President of Cybersecurity and Risk at IT service partner Think|Stack, shared some suggestions at MAXX last month:
Create a disaster response plan and establish key players. Connect with associations like GoWest or the NCUA for strategies, talking points, and sample press releases. Get familiar with the National Institute of Standards and Technology framework.
“It may not be feasible to meet with an expert for a number of reasons, but it doesn’t mean that credit unions can’t take some time to do that internally with resources available to them,” Anthony said.
If you have a plan, meet with your team now. Do they know how to use it? Do they understand the language? Does everyone know where it’s located, and is it on a network you can’t access if there’s an incident?
Anthony encourages all credit unions to invest in cyber insurance, create a list of essential partners to contact (legal, crisis communication, PR teams, vendors, members who might need to be involved), and your “break glass option” — the people you will call in the worst-case scenario.
Establish relationships with third parties who can support teams through an incident, too. Consider cyber insurance providers, a tech provider, or local law enforcement. The FBI also has an Internet Crime Complaint Center (IC3).
“Cybersecurity is a team sport,” she said. ”Do not go at this alone.”
If an incident occurs, don’t ignore it, panic, or delete data. The NCUA requires credit unions to report an incident “as soon as possible and no later than 72 hours after the credit union reasonably believes that it experienced a reportable cyber incident.” That means you and your staff must have a clear head to quickly determine what happened — who was logged in? How did the member communicate? With whom did they communicate?
In the immediate aftermath, one employee should keep a log of events — who, what, when, where — and grab screenshots to create an outline. Resist the urge to delete data or shut systems down, as forensic teams will need access to it and be able to pull data.
Ideally, you are well-versed in your response to an incident and you have documentation.
“Another thing people don’t think about is recognizing that an incident could last more than 24 or 48 hours,” Anthony said. “What does staffing look like? Who’s going to be at work and who is not going to be at work?”
If you typically send out alerts, do so with a clear strategy. Anthony suggests doing a risk assessment to identify the most critical components of your business and alert based on that. Alert fatigue is real, and you want to make sure what you send is being read.
Practice, practice, practice. The last thing you want to do is dust off a response plan when something bad happens.
Set aside time for your team to become keenly familiarized with the plan and simplify it as much as possible so it’s easier to act on in the moment. Don’t box-check a tabletop exercise, either. Take the most junior member of your team and have them run through it — if you can do that, you’re winning, she said.
But the best way to prevent future cyberattacks is to be “optimistically suspicious,” she said. Credit unions can be helpful, kind, and questioning without losing their core value of serving members the best way they can. (“I’m asking you to verify your identity because I care deeply about your account and your financial well-being.”)
Pausing at that first point of contact can save credit unions — and the greater community — a lot of trouble.
“When someone is compromised, it doesn’t just impact that credit union, it impacts the industry as a whole,” Anthony said. “Cybersecurity takes our community engaging together. When we do, we’re all better off for it.”