If you think the biggest threat to the security of your member data comes from offshore hackers pounding away at your firewall, think again. Intrusion prevention technology has evolved to the point where, when maintained properly, it is highly effective at keeping the bad guys out. So how are they getting in? Why is it that major data breaches have become commonplace in the headlines?

The leading cause of data breaches is employee negligence, according to a study released this month by BakerHostetler, one of the largest law firms in the world. The study, titled The BakerHostetler Data Security Incident Response Report 2015, claims that of the cases examined, 37 percent of all data breaches were primarily the result of employee negligence. Coming in second place, at 22 percent, was external theft of a device.

The FFIEC IT Examination Handbook has included a requirement for “user education in awareness, safe computing practices, indicators of malicious code, and response actions” since 2006. Credit unions are reporting that examiners are putting more emphasis on this now than ever before, for obvious reasons. Your next data breach is as close as one mouse-click by a careless employee.

In one now infamous and clever incident, hackers were intent on penetrating the systems of a large oil company, but were having difficulty. So they shifted their attention to hacking the online menu of a Chinese restaurant next door to the company headquarters. They planted malware on the menu. One click on the bogus link by one oil company employee was all it took to get them in.

It's important to realize that the information hackers need to set up a scam is readily available. For example, LinkedIn, while a valuable business tool, also provides cyber criminals with a handy if not complete list of your credit union's employees.

A hacker could, in theory, find the names of both your IT director and a teller and, with a little more Googling, determine both their email addresses. Then said hacker could send the teller an email with a malware-infected attachment that appears to be from the IT director. That teller, if not properly trained in the detection of such email attacks, would very likely open the attachment, which would appear to be exactly what the email claimed it to be, and send the malware off on its merry way through your network and its servers.

The math is simple. If 37 percent of data breaches are attributable to employee negligence, 37 percent of data breaches are preventable through better employee education. The key here is not treating employee cyber-security education as just another box to check off on a list. Invest in the tools to ensure that your employees have up-to-date and accurate information, and then test those employees to ensure that the information you provide is really being used.

Do that and you can sleep quite comfortably at night knowing that your credit union won't be featured in the next big data breach headline.


© 2024 ALM Global, LLC, All Rights Reserved.