Federally insured credit unions have been told to ensure they have security measures in place in the wake of several recent online breaches.
The NCUA issued a regulatory alert telling credit unions to have "robust enterprise-risk management practices in place," including assessment, mitigation and controls, measuring and monitoring.
"Lack of proper monitoring and control systems allows attackers to gain entry into a target environment through phishing, spear-phishing, drive-by malware injection and other malicious techniques," the agency said. "Successful attacks often compromise sensitive member information which may lead to fraud."
The NCUA letter did not mention any specific incidents but told credit unions that the agency expects them to carefully review recent advisories it included from the National Security Agency and the U.S. Computer Emergency Readiness Team.
Recent breaches include incidents at RSA, Sony, Epsilon and Michaels, as well as a series of apparent spear-phishing attacks that moved a reported $11 million from business accounts at U.S. community banks and credit unions to Chinese banks.