Technology is a credit union's most often used line of defense in protecting its assets against security breaches. In reality, your biggest risk – and greatest defense – in Internet security is your employees. In most organizations, employees are not aware of the security exposure they pose every day. It's that human factor that fraudsters and security hackers prey on to carry out crimes undetected until it is too late.

A 2003 Computing Technology Industry Association report cites human error for more than 63% of security breaches. And the greatest security risk facing companies and individual Internet users today – according to IT researcher Gartner – is the use of "social engineering" to bypass information technology defenses. Social engineering is "the manipulation of people, rather than machines, to successfully breach security systems," Gartner says; examples include criminals posing as legitimate businesses to gain access to information, or persuading a computer user to click an e-mail link or open an attachment rigged to give criminals access to information.

According to a recent study conducted by the National Cyber Security Alliance (NCSA), most computer users think they are safe but lack basic protections against viruses, spyware, hackers, and other online threats. The study found:

* 77% of computer users think they are safe from online threats, but:
* 67% of computers lack current anti-virus software, and one in five are infected with a virus
* 80% of home computers are infected with spyware/adware; 88 percent didn't know they were infected
* 49% of broadband users lack any firewall protection

The best way to strengthen IT security at your credit union is through employee education programs. It is vital to educate your technical staff, security staff and general users differently on the latest threats and the latest prevention technology.
Here are some areas to consider:

Understanding Malware

Malware (malicious software) is designed to make bad things happen to your computer. There are three types of malware, and it is important to know the differences because they affect your system and network in different ways.

A. Viruses infect your computer and make it sick, much like a flu virus makes a person sick. Viruses must piggy-back on another program, file or file system to run and generally come through opening an e-mail. Once running, they infect other programs or documents.

B. Worms are self-replicating programs similar to a virus and infect at an extreme rate of speed. A worm is self-contained and does not need to be part of another program to propagate. Most importantly, worms do not require user intervention to run.

C. A Trojan is a malicious program that is disguised as legitimate software. Trojans may look useful or interesting but are actually harmful when executed, and they do not replicate themselves.

Good Usage of e-mail

E-mail is one of the easiest and most used forms of communication, so it is critical that employees be careful and use it safely. When subscribing to newsletters and the like, know that the possibility is high that your e-mail address will be forwarded. If the sender of an e-mail is unknown, it is best to delete it. Online newsletters have always been difficult for users to unsubscribe from, so think twice prior to signing up. In most cases, by unsubscribing you have actually confirmed your e-mail address, and it could be placed on other lists. These few actions can reduce your organization's spam, improve e-mail performance and lower your risk of a virus.

Implementing Patching, Antivirus Software and Personal Firewall

Educate your employees on the reasons for, and importance of, using a personal firewall, antivirus software and patching. The best way to describe the value of patching and antivirus is through a "mouse in the house" analogy.
First, fix the hole where the mouse entered (this is your patching with the latest software patches, generally available through computer applications, like Microsoft Windows), then install a mouse trap (this is your antivirus software, used to prevent the things that exploit the holes) should another mouse get in via another hole. The personal firewall gives you the ability to block and limit who or what can access your system, set a baseline of what is allowed to run on your PC, and alert you to abnormal events on your PC.

Passwords

Though still important, passwords are now considered one of the weakest forms of authentication. The biggest mistake employees make is sharing their passwords, writing them down or never changing them. As a guideline, the best password is one that is meaningless, has a minimum of eight characters, and uses uppercase or lowercase letters, symbols and numbers. Passwords should be changed regularly, at least every 90 days, and you should never divulge your password or username to anyone.

Preventing Social Engineering

Social engineering, in the simplest terms, is getting someone to do something on the fraudster's behalf. These social engineers turned fraudsters play on emotions such as fear, willingness to help and urgency. Targets are usually people who have access to information but don't check the source. The best way to avoid this is to deploy a callback strategy; this will test the validity of their request or deter the fraudster altogether.

Managing Internet Use

The Internet is a valuable tool that provides for the use of productivity applications like e-mail, web browsers and instant messaging, but it also creates more security concerns for your business. The Internet is a pipeline into your network and systems, so it is critical that employees understand the basic precautions. How they use the Internet can lead to viruses, worms, Trojans or more spam e-mail infecting your network.
Other things to consider:

* Have written Internet and computer usage guidelines distributed to employees.
* Have network security technology like firewalls, anti-virus servers and intrusion detection systems built into the infrastructure, and for those employees not on a network, instruct them on how to add the equivalent systems.
* Close your wired or wireless Internet connections when you are done, and when you leave your desk, either log off or lock your computer.
© 2025 ALM Global, LLC, All Rights Reserved.