Cyberattacks happen every 39 seconds in the United States, with 2,200 cyberattacks happening per day and 800,000 attacks occurring each year. This number is only expected to grow as time goes on, and the price of succumbing to these attacks is expected to grow along with it. There are many ways to try to prevent a cyber attack, but one of the best defenses against cybercriminals is education and awareness.
Since 2004, October has been designated as Cybersecurity Awareness Month, dedicated to the purpose of educating both individuals and companies on how they can limit cybersecurity risks. As credit unions, this month is not only a great opportunity to educate members on how they can be more vigilant, but to re-examine your own credit union’s cybersecurity precautions, staff awareness, and potential risks.
Every day, cybercriminals are seeking out new ways to get past your credit union’s defenses, whether that be through malware, ransomware attacks, or phishing attacks. These attacks are more frequent than ever and harder to detect than ever. In the first six months of 2022 alone, over 2.8 billion malware attacks and 255 million phishing attacks were reported, according to Astria, and the average price of dealing with a data breach is estimated to be $9.44 million.
Research new technologies and protections
With that in mind, there can be no better time to familiarize yourself with your current cybersecurity measures and research any new potential measures you might be missing out on. There is a significant amount of due diligence that comes with cybersecurity, and tackling it can feel daunting, but it is much preferable to the alternative. If you need motivation to conduct this due diligence, Matt Sawtell can tell you just how time-consuming and expensive an attack can be.
When examining your current strategy, there are a number of safety measures and protocols your credit union should have in place. If you’re missing one of these key items, your credit union is at a much greater risk of not only experiencing an attack but of that attack costing more and a larger amount of data being stolen.
First, if you don’t have cyber liability insurance, get it. This is critical in protecting your institution in the event of an attack. However, as Patrick Sickels notes in his article on cyber liability insurance, the premiums and criteria to qualify for insurance are increasing as carriers have faced significant losses from organizations with poor protections in place. At a minimum, your credit union will be expected to have a strong multifactor authentication set up for all staff and members. If you don’t have these in place, now is the time to start.
Not only should you be checking your credit union’s safety measures, but the protocols of any vendor your credit union works with. If a vendor is the victim of a data breach, your credit union and its members could be impacted as well. A study conducted in March 2021 by Black Kite found that 86% of credit unions and 76% of vendors servicing the credit union industry have breached employee credentials available on the dark web. Additionally, more than 66% of credit unions and 88% of vendors lack email security to prevent spoofing and phishing attacks. If your vendors are at risk, so are you.
Furthermore, ensure your credit union has a business continuity plan in place that highlights what steps should be taken in the event of a cyberattack and uses tabletop exercises to practice these protocols. What should an employee do if they click on a suspicious link? Who should cybersecurity incidents be reported to? If your credit union is the victim of an attack, how will you inform your members of the issue? Knowing how to respond to an attack can be just as critical as preventing it in the first place.
Finally, ensure that your employees are educated and up-to-date on your credit union’s cybersecurity. What protections are in place that they should know about? How can they detect a phishing attack? No matter how good your security is, if your employees are uneducated on the topic, the credit union is at risk. All it takes is one person clicking on one wrong link to let malware in and give hackers a foothold in your system. It was mentioned earlier but bears repeating: one of the best defenses against cybercriminals is education and awareness.
In the spirit of education and awareness, it is essential to remember that Cybersecurity Awareness Month isn’t just about updating your credit union’s safety measures, it is also about educating your members on best practices in regard to scams, fraud, etc., and teaching them how to be on the lookout for tricks and bad actors.
Often, scams can seem all too obvious. Of course that Nigerian prince isn’t real, and of course he doesn’t need your help. Clearly, that email from Apple telling you that you spent $5,000 on the Apple Store is fake. But the reality is that many people cannot recognize those obvious tricks, and it is even more difficult for them to keep up with all the new tactics scammers are deploying. Facebook Marketplace, for example, is ripe with scammers, but they can be tricky to spot.
Additionally, it can be easy to assume that only older generations or those who are not tech-savvy would fall prey to these schemes, but that’s not the case. Now more than ever, younger generations are victims of fraud. According to the Federal Trade Commission’s Consumer Sentinel Reports, younger adults are 86% more likely to fall for online scams, such as shopping and investment scams. They see an ad via social media at a price that seems too good to be true only to end up never receiving the item or getting an item that looks nothing like the ad they saw. They are also more likely to fall for romance scams via dating apps.
Older generations, on the other hand, were 398% more likely to fall victim to tech support scams and 126% more likely to get involved in prizes, sweepstakes, or lottery scams. These losses were also more significant than those of younger generations, with the mean loss for each scam being $800 for those over 60 and a whopping $1,800 for those over 80.
Make it your credit union’s job to update your members on the latest methods of fraud you’ve seen and educate them on ways they can avoid these bad actors and keep their accounts safe. A weekly post on social media or an informational flyer in your branch can go a long way. If they know to look out for it, they’ll be much more successful at spotting and stopping it.
The time is now
Cybersecurity Awareness Month is not a summons, but it is a great opportunity to find ways to improve your credit union’s current protections and offer much-needed education for employees and members alike. If you’re not currently involved in Cybersecurity Month, now is the perfect time to get started. Even small steps—a social media post, a short staff meeting, or a tabletop exercise—can go a long way and make a huge difference.
If you’re looking for advice or ways to get started, you can check out our articles on the topic!