5 Things You Don’t Know Because You Weren’t At CU InfoSecurity 2013
Around 50 credit union IT executives filled the meeting room at the Platinum Hotel in Las Vegas and, over three days last week, they heard from speaker after speaker with new warnings, fresh approaches to helping employees dodge phishing attacks, and above all, better ways to protect the data that are the lifeblood of any financial institution.
Face it: the era of the crook with a mask and a gun robbing a financial institution is fast disappearing. Value today is in data and it’s the data that are under relentless assault by ever smarter crooks.
* Get alerts to suspicious activity in real time, urged Kevin Nikkhoo, CEO of CloudAccess, a security-as-a-service startup.
Getting them later could be catastrophic.
* You can’t count on the credit union CEO. Twice, in just the past year, Bruce Smalley, a vice president at ACI Defense, said that his company found credit unions that had suffered malware infections because their CEO was exempt from safe browsing restrictions that just about every other employee had to abide by when using workplace computers.
Smalley is a big advocate of “restrictive browsing policies” but, he stressed, the policies to be most effective need to be applied to every employee. Including the boss.
* Protect data, not devices. That was a central message from David Applebaum, a senior executive with Moka5, a Silicon Valley data security firm.
The Moka5 message: it just is not possible to reliably protect every device on the network (not in an era of BYOD), so Moka5’s approach is to put sensitive data and applications in a protected virtual container that is easily downloaded to any device, via a centralized management system.
* Make the member part of the solution. Too often, said Jay McLaughlin, an executive with Q2ebanking, members are viewed as part of the problem - but the smarter approach is to enlist them into helpmates in solving the problem.
How? Encourage them to sign up for account activity alerts – and recognize that the majority of cases of theft are first detected by the account holders.