5 Breach Management Tips
Identity theft has become a rite of passage for both enterprises and individuals. For credit unions, making the right decisions about breaches and identity theft can protect reputations and save time and money better spent on growing the world of possibilities for your members.
A wrong decision can mean extinction.
Credit union members often enjoy a huge advantage over customers at larger financial institutions because of the member-centric way you do business. A great way to enhance member acquisition and retention efforts, as well as build goodwill, is to provide free access to meaningful credit and identity theft education, transactional monitoring programs and high touch resolution services. While your competitors in the banking world offer like services to their customers, few – if any – provide them at no cost. In fact, most charge a great deal for monitoring products that are long on bells and whistles and short on services. Just ask the OCC.
That said, your competitive advantage and goodwill can vanish, and the financial viability of your organization be jeopardized, if you don’t adequately secure member and employee data or fail to respond to a breach with urgency, transparency and empathy.
Here are five ways your credit union can add value for your members, as individuals as well as stakeholders, by minimizing risk, monitoring systems and having a proper damage control program in place.
1. Identity Theft Education
While identity theft really no longer is an “if” in any respect, too many people still don’t believe it is the “when” crime. You can add serious value for your members, and better protect your community, by providing tools and content, and teaching personal information hygiene. The victimization of any employee or member can provide a gateway for an identity thief into the organization thereby exposing all stakeholders to losses. The better you educate your members to the warning signs of identity theft and the personal and community dangers inherent in victimization, the more inclined people will be to say something if they see something and understand what it is.
2. Monitoring and Damage Control
In a world awash in data due to unwitting or purposeful over-sharing on social networks and breaches that have exposed more than one billion files containing personal identifying information to hackers and identity thieves, the ability to quickly detect victimization and have access to a dedicated fraud expert can mean the difference between an unpleasant personal experience and a life disrupting event.
Credit union members have jobs to do and families to raise and support. They have neither the time nor the expertise to know what is happening to their data as it flows through the cyber-sphere or what to do in the event that they are compromised.
In order to protect each member, as well as the community, you should provide access to credit and public records monitoring programs, as well as a damage control program (even if the victimization didn’t originate within credit union), at little or no cost. If the goal is to protect the member and defend the community, then you need to offer a holistic solution with fraud experts who work to resolve all identity theft issues and not just those flowing from a compromise of your credit and debit cards.
3. Digital Risk Management
The barbarians are at the gate. There are bots and scoundrels running 24/7 scouring the hills and dales of the Internet looking for a crack or crevasse through which to slither and when they find it, woe betide whoever – or more to the point, whatever – happens to reside there.
A value-add for all of your stakeholders is to engage outside experts to test your existing battlements (both technological as well as human) and find the weak spots before the bad guys can exploit them. This also involves review of your compliance and training programs.
4. Breach Preparedness
More than 800 million records were breached last year alone, and that number is growing exponentially every day. The best time to have prepared for that inevitable breach was yesterday, but today will have to do.
There is nothing like a data breach to make your day-to-day business grind to a halt. Even if your team is completely up to speed on all the possible pitfalls that open up like hungry maws post-breach – damage to brand erosion, loss of business, potential lawsuits – there is a lot to navigate in the way of regulations and compliance.
Many states have laws in place that dictate when and how an institution must notify people who have been affected by a data breach. They vary from almost non-existent to super stringent, with Florida leading the way with the most on-point rules.
While regulators require credit unions to have breach response plans in place, having a comprehensive plan and being able to implement it from muscle memory are two very different things.
A value-add for all of your stakeholders is to proactively retain the services of an expert organization that can help you to professionally, urgently and transparently respond to a breach. Work with them to design a plan to quickly provide comprehensive notification to state and federal authorities and affected members and employees, effectively interact with the media and smoothly implement a customized solution that responds to the type and level of compromise rather than simply offering a knee-jerk credit monitoring solution.
5. Breach Resolution
There is a critical difference between call center operators who read scripts that tell frightened members what to do after a breach is announced and fraud center experts who help potential victims with fraud alerts and credit freezes and do the work to restore credit and reputations.
It is a stakeholder value-add to find the right high-touch resolution organization, and much wiser to retain that identity theft solutions provider pro-actively rather than reactively.
Along with death and taxes, you can pretty much count on a breach and identity theft, or an identity-related crime, happening at some point in the cradle to grave continuum – its evolution over the past decade moving from weird aberration to pandemic to third certainty in life. Properly educating your members, helping them to monitor their credit and transactions, providing access to fraud resolution experts, testing your defenses, preparing your credit union for the inevitable breach and responding with urgency, transparency and empathy when the unthinkable occurs will contribute mightily to the security of the community and lessen the likelihood that a data compromise will result in an extinction level event for your credit union.