Operating system vulnerabilities–those holes in the firewalls exploited by roaming worms, viruses and such–are no longer as much the target of fraudsters, who now are launching more focused, covert attacks on individual institutions, making the need to control access while monitoring applications and networks ever more crucial, the white paper says.

The fact that credit unions have become a target of choice by phishers and hackers has been well-documented, and the NCUA this past June issued new guidelines that instruct credit unions to ensure the security of member information by anticipating and protecting against threats, including unauthorized access to current information and improper disposal of outdated data.

"To achieve these objectives, an information security program must suit the size and complexity of a credit union's operations and the nature and scope of its activities," the Wescom white paper says.

"However, due to lack of resources or an understanding of the real threat potential, many credit unions do not have the necessary technical controls and policies in place to successfully protect their systems and information," it says.

More than 52 million individual consumer accounts were placed in jeopardy in 2005 because of security breaches, according to the Federal Trade Commission. In addition to the loss of consumer trust, there's an even more tangible bottom line consequence: The Ponemon Institute estimated that a data breach costs an organization an average of $182 per compromised record.

"With so much at stake, credit unions cannot afford to go without an effective network security solution," Guilford says.

The Wescom white paper makes detailed recommendations on ensuring physical security, examining password procedures, reviewing network security settings, monitoring network traffic, securing the online banking operation, and other fundamental ways of adding layers of protection to a credit union network.

Getting help is another fundamental way of securing the electronic frontiers, with a number of companies specializing in finding vulnerabilities and fixing them, says John Best, Wescom Resources Group's director of technology.

"The costs and types of services depend on the individual needs of the credit unions," he says. "The variables to consider are the number of systems, number of choke points and how active the network is. The one thing to keep in mind is that you don't want the company you have guarding the system to also be the company testing the system."

And as technology continues to evolve in credit union land, so will the challenges of protecting it.

"You can build a 10-foot wall and the hackers will show up with an 11-foot ladder," Best says. "The game will never end. In the past it was check fraud and over-the-counter fraud. Now, it's e-commerce."

"The criminals are always looking for new ways to beat the system, and credit unions have to be ready."

The white paper is available by contacting Gina Kovacs at (877) 995-9000, ext. 8678, or [email protected]. –[email protected]