Reading, writing, and ransomware
Security expert Theresa Payton warns credit union leaders about new cybersecurity dangers.
Attendees at immersion18 by Trellance got some homework assignments Thursday from a security expert and reality TV star.
Theresa Payton, the first woman to serve as White House chief information officer and star of the reality TV show, “Hunted,” warned credit union leaders about the new dangers they face.
“I want us to be smarter and safer,” says Payton, a former banker and lifelong credit union member. “The threats are changing every day.”
Her “homework” to help credit unions address today’s cybersecurity threats:
►Do a “walkabout” around your credit union. Ask staff what you do well and where you fall short when it comes to information security, and try to determine where employees have implemented workarounds to security procedures.
“We need to design systems for the human psyche,” Payton says. “When was the last time you did a walkabout to see if you’re losing the line of sight of your data?
“We’ve focused on protecting servers, data, the cloud, Internet of things, and on processes, but not the human psyche,” she adds. “The game has changed since we were busy securing components.”
►Think about logical and physical separation of zones of information. The White House, she says, had many "zones of information," mostly for budget reasons.
Having separate zones of information for different functions allows organizations to “flip a kill switch” when fraudsters compromise a particular zone.
“Think about how to create different zones of information in the credit union,” Payton advises, “and where to put logical and physical zones of separation.
People overestimate their ability to spot phishing scams, she adds. “We all know there’s no Nigerian prince wanting to give us money. But hackers are becoming so smart.
“When we’re asked to do a social engineering ploy, we get in 100% of the time,” Payton says, referring to her company, Fortalice Solutions. “That includes the C-Suite and IT people.”
She suggests creating domain names for certain functions that are separate from your public-facing domain name to keep fraudsters at bay. “This will obfuscate yourself from the bad guys.”
►Take your digital security response planning to a whole new level. Ransomware is especially concerning today.
“This is like a hockey stick in my company right now,” Payton says. “We’ve helped customers recovery quickly because they had a plan in advance.”
She suggests practicing how to respond to a potential ransomware event, which often involves the loss of data.
“When you have a plan and practice it, the disaster will be a lot smaller and will be resolved faster,” Payton says. “It always takes 400% to 600% longer than anticipated to resolve these events because people don’t think through everything.”