Cybersecurity threats aren’t going away—they’re only getting worse. Credit unions need to update their security policies and procedures regularly because the threat landscape is always changing.
That dreary outlook comes from security expert Jim Stickley, who addressed the CUNA National Credit Union Roundtable for Board Leadership in Las Vegas.
“Most of the risk comes from employees making mistakes and doing something dumb,” says Stickley, CEO of Stickley on Security and co-founder of TraceSecurity, a CUNA Strategic Services strategic alliance provider. “Usually, they’re unknowing participants. But the insider threat is the biggest entry point into your credit union.”
While credit unions of all sizes are at risk of attack, those above the $1 billion asset mark are especially vulnerable because their networks are more complicated, additional regulations take away the focus that could be placed on security, and even large credit unions tend to have small information technology (IT) security teams.
Increasingly, cyber thieves are targeting specific employees, particularly IT administrators, using social networking sites such as LinkedIn.
The board’s role in security, according to Stickley:
Management should provide a report to the board at least annually that describes the overall status of the program and material matters related to the program, including:
Credit unions also should review employees’ access to technology, Stickley says.
“Many don’t need to be able to receive email at work,” he says. “Find out which employee groups need access to email, the internet, and so on. If an employee doesn’t need it, turn it off.”