2020’s Digital Push May Mean Future Security Risks

 

In 2020, credit unions prioritized service over expansion. But creating new digital solutions for members and employees was a whirlwind of uncertainty and this year, leaders will need to stay extra vigilant when it comes to credit union cybersecurity.

Now, many credit unions are focused again on expansion. 2021 looks to be the year 2020 was meant to be, in terms of growth. For this to happen, however, credit unions must protect themselves from cybersecurity setbacks. Here’s why:

Credit Union Cybersecurity

Your credit union, just like any other financial institution right now, has likely checked and rechecked your credit union cybersecurity solutions and protocols in the wake of rising fraudulent activity and cyber breaches taking place all over the country.

Credit union IT professionals have been working tirelessly for the last year to ensure all firewalls and anti-malware programs are present and running on all devices in your network.

The good news is, in most cases, your credit union is at low risk of being breached through your many security systems and protocols. But there is a chink in your credit union’s armor – and it’s your employees.

The Chink in Your Credit Union Armor – Your Employees

Your employees are one of the best assets your credit union has – and unfortunately, they are also often inadvertently to blame for cybersecurity breaches.

According to Varonis, 95% of cybersecurity breaches are caused by human error. And in the last year, your employees have been thrown out of their element and into new remote and hybrid work models, which increases the chances of a breach.

Even if your employees are only performing their work on approved devices, it’s still vitally important to continue educating them on new threats and how to avoid them.

Sending alerts, reminders, and educational material about phishing (one of the top methods employees fall for when it comes to cybersecurity breaches) is a great way to foster a cyber security-minded work culture and bridge gaps in tech-based employee skills.

Some common features of phishing emails to look out for include:

  • Offers that seem too good to be true. Phishing emails often have some kind of amazing, lucrative deal for recipients or even include information about a product or prize you’ve “won.”
  • Sense of Urgency. The point of these emails is to entice readers to “act now” or “click here” in a short amount of time or they risk losing the “special offer.”
  • Hyperlinks. Cybercriminals often use hyperlinks to mask the real link they want you to click on. To see if a link is legitimate, hold your mouse over the linked text to reveal the real link you will be navigating to. Be careful and check for typos in the link, as many phishing emails say they’re taking you to a legitimate website like “yourbank.com” but if you look closely, the “m” is really an “r” and an “n” set together to trick you into thinking the link is legitimate.
  • Attachments. If you are not expecting emails with attachments, or the attachment seems odd, don’t click on it. These attachments may have viruses or other malware that are released upon opening.
  • Unusual sender. The cardinal rule of employee-based cybersecurity is this – if you aren’t expecting an email from someone, don’t open it – especially if it has any of the abovementioned hallmarks of a phishing email.

Kick Start Your Credit Union’s Digital Expansion

Keep your credit union moving forward. IMS Integration offers premiere solutions for Keystone users:

  • Corelation Solutions: Skip a Pay, Reward Checking, and Online Courtesy Pay+.
  • Infuzion: This powerful tool was developed to streamline complex functions without spending hours developing scripts.
  • Web Loan Applications: Loans are critical to your credit union’s success. Enhance your member experience by implementing our online loan applications system, which tightly integrates with KeyStone core.

If you want to explore our offerings further, or you have questions about our solutions, contact us today.


2020 In Review for Credit Unions

 

The pandemic and other disasters caused a lot of uncertainty for your members and employees this year. As 2020 comes to a close, it’s important for leaders to review what they’ve learned so they can prepare for 2021. 

Here are the top insights credit unions have learned this year:

Members Need Digital Experiences

When the world locked down and started working remotely, members flocked to your credit union’s digital services. What was once seen as conveniences became needs, but your members still craved customization and personalization through your digital services and remote communication styles. They demanded improved digital experiences

In addition to increased phone volume and, potentially, the unveiling of video chatting at your credit union, your members increased the use of your website and mobile app. Website accessibility became even more valuable to serve more of your members.

As we’ve said before, “The digital member experience needs to be as close as possible to an all-encompassing, no limits, one-on-one discussion about the many products and programs your credit union offers.”

You may have seen a need to improve your software and digital infrastructure throughout this season. But those improvements don’t end with 2020. It’s imperative that credit unions continue to optimize the digital experience for their members on an ongoing basis. 

Related resources from our sister company, Information Management Solutions:

Cybersecurity is Increasingly Important

Credit unions across the nation, among other businesses, are finding that cybersecurity is critical for the well-being of their business and to keep their members’ data secure. 

We’ve known for a while that cybercriminals don’t discriminate who they attack and that not all cyber threats have malicious intent, but this year has made it even harder for smaller credit unions to keep up with the security demands placed on them, especially when transitioning to WFH environments. 

We previously summed this up as “Cybersecurity in 2020 is even more important than it was in past years because financial institutions can’t afford to be breached or hacked during these uncertain times.”

At the end of this year, one thing is clear: if your credit union hasn’t already, it’s time to strengthen your cybersecurity initiatives. 

Related resources from our sister company, Information Management Solutions:

Members Require a Better Experience

Your members want more. Their needs are always changing. As younger generations join credit unions and as time moves forward, member expectations change. This is especially true for 2020 as members’ needs changed practically overnight.

This year, credit unions helped their members use self-service options and embrace digital services. Your employees quickly felt the loss of that in-person community that is created within a normal credit union environment – and everyone on your team knew that many members felt the same loss.  

Customer service became less about benefits and more about personalizing the customer experience, even while working remotely. As we prepare for and head into 2021, it’s important to continue improving the member experience across the board. 

Related resources from our sister company, Information Management Solutions: 

Prepare for 2021

At the end of the day, your credit union is constantly working on ways to better serve your members. Members continue to be the most important focus for a credit union’s efforts, from the leadership team to each member service representative. For this reason, all of these insights that credit union leaders have learned over the year are important to take into 2021. 

Like you serve your members, our team at IMS Integration is here to serve you. Contact us to learn more about how we can help your credit union.


COVID-19 Cybersecurity For Credit Unions

 

The CARES (Coronavirus Aid, Relief, and Economic Security) Act has helped millions of Americans weather the COVID storm, but it has come with a downside. As more than $2 trillion made its way to businesses and individuals, cybercriminals saw an opportunity to make some big paydays for themselves.

Cybersecurity in 2020 is even more important than it was in past years because financial institutions can’t afford to be breached or hacked during these uncertain times. But how can credit unions fight back?

Old Fraud, New Tricks

“New account fraud, identity theft, cybersecurity risks, imposter and money mule schemes, and mobile banking application fraud are all on the rise as a result of the opportunities related to the ongoing COVID-19 pandemic,” says Rodney Hood of the NCUA.

Here are some helpful cybersecurity tips for protecting your credit union and your members.

Increase Communication Security

With many Americans working from home, the need for good communication increases. Tools like Zoom and GoToMeeting are fostering company communication, but these platforms are not without risks. When creating meetings on these platforms, there are lots of options for increasing their cybersecurity.

Update each meeting’s privacy and security features to prevent what’s known as “Zoombombing” – when outside parties or unauthorized persons join a meeting. Change your meeting IDs consistently, mandate that all meetings have passwords, and don’t use the same password over and over. You can also enable the “waiting room” feature where those who have just tuned in to the call can stay until you or another meeting leader gives permission for them to join.

Employee Education

The more trained eyes you have, the easier it is to stop fraudulent activities before they do widespread damage. During those Zoom meetings, set aside some time during every call to discuss cybersecurity.

Ask your staff if they have noticed any unusual account activity or suspicious emails in their inbox. Share weekly tips on how to spot phishing attempts, phony email accounts, and unsafe links. You can also create educational material and discussions around specific topics like we’ve done in the section below.

Keep an Eye Out for Unemployment Insurance Fraud

Though unemployment numbers are decreasing, there are still millions of Americans filing for unemployment insurance benefits every week. And with COVID-19 continuing to impact the global workforce, scammers are jumping at the chance to over-collect on these benefits or steal them outright.

This is a great opportunity to educate your employees and members on the red flags:

  • An account that receives unemployment benefits from another state with no explanation, or from multiple states
  • An account that receives the benefits of more than one individual
  • New accounts being opened with no transactional activity that is suddenly used to collect unemployment insurance benefits.

Using resources like the NCUA and other trusted reporting sites to create a “profile” for fraud can help you and your staff recognize these red flags. You can do this with each threat or type of fraud, encouraging awareness and prevention of these issues.

Comprehensive Member Education

One of the greatest assets a credit union offers to its members is educational resources. Schedule some time to create online classes or educational materials that address these new cybersecurity risks. It’s also a great time to highlight past fraud prevention and financial literacy resources, which will act as a refresher on the topic and help your members find these resources later.

The more people (members and staff) who are educated in fraud prevention and cybersecurity solutions, the better.

IMS Integration Can Help

At IMS Integration, we make solutions to help you save time and protect your members. Contact us to learn more about how our member-facing web solutions can help you better serve your members.


Taking Control of Your Security Risks

As we mentioned before, criminals are always creating new ways to break into financial institutions. More recently, cybercriminals have developed a new “long con”—the “Frankenstein” identity—where they make up an identity (rather than stealing another person’s) and spend years building up a solid credit score. 

They’re able to trick lenders by securing a random social security number and pairing that with a made up name, typically from someone without a credit history (or under 18 years old). Then, once those “borrowers” are able to secure loans when they’ve built up their credit score, and then abruptly stop their payments after a few months.

The target could be anyone, including you.

Hackers do what they do for a number of reasons—it’s not always necessarily malicious, but it’s always at your expense. While cybercriminals are often driven by financial gains, hacking can also be a form of protest, espionage, or simply for thrills. 

But as a CU, you’re at the mercy of cybercriminals who are becoming more adept at what they do. What was once a shady bedroom activity has manifested as a huge business with an infrastructure with a spectrum of sophisticated, educated hackers who then sell their resources to those with less advanced skills.

Apart from malicious (or simply pleasure-seeking) cybercriminals, other security risks include simple human error and even insider crime. No matter where the security vulnerability comes from, improving security certainly surpasses the cost of damages caused by a breach. 

Cybercriminals don’t discriminate when it comes to targeting financial institutions. 

Unfortunately, all credit unions can be a target. While you should always remain aware of the trends in cyber crime and those that could affect your institution, it’s important to also ensure that you have the right firewall protections, updated antivirus software, and updated patches.

But a partnership with third-party vendors can also add layers of protection to prevent costly future damages, and those third parties should value security and diligence regarding security risks as highly as you do.

As your third-party vendor, we don’t cut corners—and you shouldn’t assume that you’re safe from cybercrime, either. If you’re ready to learn about how you can ensure continued protection for your members’ data against cybercriminals, let’s talk about your ideal solutions.


Cybersecurity and Credit Unions in 2020

Since 2016, the cost of cybercrime has increased by over 40 percent. As hackers and criminals develop more robust methods of breaching security, it’s certain that cybercrime is likely to only amplify in the future years.

Data breach risks are at an all-time high in the financial services industry. General consumers are all-too-familiar with the common email notices from a variety of companies that let consumers know that their personal information has been breached. In past years, Equifax, Target, Yahoo, and a slew of other companies have seen highly publicized data breaches that cost reputations and a heap of money.

With criminals constantly developing with new methods for breaching security, the likelihood of it happening to your CU is too great to ignore. Many CUs don’t realize they are not spending the resources they should when it comes to security.

Here are the potential security risks for credit unions in 2020. 

Malware and ransomware remain two of the top security risks in 2019, which is likely to continue in 2020. In fact, 69% of organizations breached as reported in the Global Data Exposure Report stated their breach was due to an insider threat, though they did have defense mechanisms in place at the time of the breach. As cybercrime grows, hacking methods become more powerful against these defense systems.

Ransomware is a software created and implemented by cybercriminals that prevent companies from accessing their data or systems. By holding this information to a ransom, cybercriminals will continue to delete other areas of data or spread the ransomware to other systems. The Beazley Breach Response (BBR) Services team reported a 105 percent spike in ransomware attacks against clients in the first quarter of 2019.

Human error is a major culprit, too. 

As in 2018, employees still remain one of the top reasons for data breaches. This is true for current and former employees. A lack of training can often create security risks, or an employee exiting the company may bring valuable information with them upon leaving. Criminals have been known to bribe unhappy employees, who can then turn over sensitive information. This has proven one of the most successful ways to access a company’s information.

A lack of security controls that can appropriately detect and respond can also be the reason behind breaches. When companies require employees to manually detect those security gaps, this increases the chance of a breach. Those working in the financial services industry can’t ignore the enormous risk of this very common security threat

The cost of improved security greatly outweighs the far higher cost of remedying the countless issues caused by becoming a victim of cyber crime. You can’t put a price tag on the damages to your reputation caused by public data breaches.

Be Proactive.

By ensuring that your devices have the following, you’ll be protecting yourself against cybercrime:

  • Updated antivirus software
  • Updated patches
  • Correct firewall protections
  • A sufficient third-party security vendor

Don’t assume you are safe from cybercrime. With IMSI, we don’t cut corners on your cybersecurity. Build the layers of your security foundation and ensure your safety and protection of your members with us. If you’re ready to talk about how you can step up and improve your cybersecurity systems, get in touch. Shoot us a message.


Making A BYOD (Bring Your Own Device) Policy Work For Your Credit Union

One of the biggest–yet easily avoided–mistakes that credit unions can make when it comes to their data security is not planning and implementing a Bring Your Own Device (BYOD) policy.

 In today’s mobile age, not having a smartphone or at least a cell phone is the exception and not the norm. Some of these devices are provided by employers, while some are brought in by the individual employee. For the past decade, more and more credit union IT departments are being relied upon to support BYOD.

No one can deny the number of benefits to using these devices. Multiple studies have shown that it increases productivity, allows for easier access to needed information, as well as access to your credit union’s systems. However, allowing access to smartphones, tablets and the like opens up an entire can of privacy issues that need to be tackled. Procedures need to be developed to effectively oversee and secure personal gadgets.

Are your employees using their personal devices while working? Do they use their work email accounts on their own phones? Do they access and edit work documents using their home computers? These are crucial questions that need to be considered in order to come up with and heavily enforce a clear policy that regulates what apps and software your employees need to have. Otherwise, you are putting your data in risky territory.

5 Questions To Answer Before Deploying Your BYOD Model

  • Can employees bring their work-issued devices home and work from there?
  • Can employees work using personal devices?
  • If the answer to the above is yes, what security apps should they use to protect their data?
  • Which secure email app are they allowed to use?
  • Should employees use two-step authentication on their personal devices as well?

Steps To Consider In Order To Support An Effective BYOD Policy

  • Come up with user, device and app requirements for your support process
  • Measure user, security and device requirements for the BYOD delivery model
  • Design/adjust your work environment for BYOD implementation
  • Align your credit union’s business, user and IT requirements to the right security model
  • Address potential user, security and device concerns with your BYOD policy
  • Prepare your credit union’s IT department and users for BYOD by educating them on how the model will work
  • Deploy the BYOD model and make sure it meets both device and user requirements

When we minimize the chances of smart devices being compromised, we avoid potential data disasters. With the right policy in place, you will be able to effectively protect your members, your data, your employees and your network from a potential data breach.