The financial services industry is one of the most targeted and hardest-hit by cybercrime. In 2016 alone, financial services firms were breached 65 percent more than the average organization, according to research from IBM X-Force.
Too often, credit unions feel they may be small enough to “fly under the radar,” and may not be focused enough on cybersecurity. However it only takes one mistake to unleash a world of pain on your credit union, its members and your hard-earned reputation.
Here are five reasons your credit union needs to focus on implementing bank-level security; particularly with regards to your election and voter data.
Policies and people
What causes 95 percent of successful cyber-attacks? Human error, according to the IBM Cyber Security Intelligence Index.
Your credit union absolutely should have thorough data handling and privacy policies in place; and every single employee must be educated on those policies. Your IT department and technology solutions can’t be the only line of defense against cybercrime, it takes every single person in your credit union being on board. Training is crucial, but so is limiting who in your credit union has access to sensitive data in the first place.
Follow the trail
As you know, your credit union is not the only entity handling sensitive member information. Follow the trail of data and anyone who uses it – vendors, partners, etc. and confirm that their data handling and privacy practices are strong, secure and a match with your own. Any outside organization that has access to your credit union member information should produce a SOC II report for your review.
Debit card disaster
File transfers done outside of set protocol are often the cause of debit card data breaches. These can be particularly damaging for your members as the cards are tied directly to their accounts.
Secure file transfer protocols and encrypted data are a must to prevent account numbers and other highly sensitive information from entering the wrong hands.
Updates, patches and fixes
It can be tempting for everyone – from interns to IT department heads – to put off system updates, patches and fixes. They often require forced down time and many can be delayed by days, weeks or even longer.
When a system vulnerability has been identified, updates and patches are issued for a reason. Any delay for any reason can lead to catastrophe.
Credit unions have the added responsibility of not only handling member information, but highly confidential election data as well. Voter and ballot information must be handled as carefully as members’ financial information.
Secure your member database – if you work with a 3rd-party election vendor that means asking them to demonstrate how your data is protected against any possible loss, intrusions or breaches of confidentiality. Insist on top-level web hosting and encryption technology as well as constant monitoring and auditing.
As elections often include physical data as well as electronic information, be sure you feel comfortable with the checks and balances provided by any third-party election vendors including check-ins, daily or delivered counts and locked storage vaults.