Cybersecurity is currently the No. 1 concern for financial institutions, according to Richard Thorne, assistant vice president of the Denver Examinations and Inspections Department at the Federal Reserve Bank of Kansas City. The primary target is wire fraud, which is most often perpetrated through social engineering.

“It’s scary stuff,” says Thorne, who spoke during Monday’s general session at the CUNA Governance, Risk Management & Compliance Leadership Institute in Denver. He notes that in the past perpetrators targeted big banks, but recently have set their sights on community financial institutions.

He advises credit unions to always follow their policies and procedures regarding cybersecurity and wire transfers. He cites the example of a cyberthief who worked with a bank for a year before the financial institution deviated from its policy, at which point the perpetrator took advantage of the opportunity.

For the same reason, credit unions should also strictly adhere to wire and automated clearing house (ACH) limits, he said.

It’s important for financial institutions to have relationship with law enforcement, Thorne says, because if an incident were to occur, that relationship will make it easier to stop a wire transfer. Thorne offered five best practices for credit unions to follow in their cybersecurity:

1. Assign responsibility for cybersecurity to a committee or individual.
2. Review cybersecurity at every board meeting.
3. Implement a plan to address gaps in risk management practice.
4. Implement social engineering detection training with frontline staff.
5. Improve overall detection of cyberattacks. The average time to detect a malicious or criminal attack is 170 days, Thorne says.