Mastering the Challenge of Disaster Recovery

 

Credit unions are no stranger to the physics of Murphy’s law. If something can go wrong, it will. In an age where cybercrime is hotly discussed and natural disasters crop up when they are least expected, it’s crucial to understand the potential risks of losing data as a credit union.

Risks can be natural or manmade, across a wide spectrum—from wildfires to hackers, a comprehensive disaster recovery solution should cover a range of potential disasters. However, that solution does not need to be extremely specific. The most common errors include natural disasters, cybercrime, and human error. The specific risk you’ll need to prevent is never certain—that’s why disaster recovery functions as such an important form of insurance. 

A disaster recovery solution shouldn’t be bulky and expensive. 

The most common solution(s) for disaster recovery purposes are typically physical locations. However, physical data storage drives up costs in the form of equipment,  connections, and employees that are in charge of managing those hefty physical elements. In addition, when a physical approach is taken, multiple physical locations are used, further driving up costs.

Your customers expect excellence when they access your services through digital channels and share their valuable information with you. Those requirements translate to the safety of their data. You don’t want to lose customers since you failed to implement a solution that protected their information.

These expectations stem from our everyday conveniences—how did you feel the last time your internet went down? Customers expect the same fluidity. When you develop a disaster recovery solution, the effectiveness of the solution should mean that customers don’t experience hiccups in their digital experience. 

While you can’t prepare for a specific disaster, you can prepare for the worst.

The disaster recovery challenge is characterized by the way one responds to the breach. If a breach or disaster does occur, learn how to respond and recover from cybersecurity incidents

If you haven’t made disaster recovery a priority for your credit union this year, you may want to consider its role in your business: financial institutions are often the target of cybercrime and natural disasters are never predictable. Plus, there are many advantages to prioritizing disaster recovery.

With disaster recovery come the following benefits:

  • Minimized downtime and rapid business restoration
  • Near-zero data loss with on-site backups and real-time replication
  • Our secure branch communications allow immediate connections

Disaster recovery shouldn’t be a difficult term to hear, because it is more about planning than it is about the actual scenario. When the need for your disaster recovery solution to kick into place arises, you can rest easy knowing that you’ve implemented the best possible planning beforehand.

Essentially, disaster recovery plans are a form of insurance. We help to ensure that the challenges you face can be remedied smoothly and efficiently—the IMS Crash Response team is ready 24/7 to respond to any disasters. Find out more about how you can optimize your disaster recovery response.


Rising Trends in Email Scams and Phishing

From large to small, the financial services sector is often the target of email phishing schemes and other malicious attacks, and credit unions are no exception. The FBI reports that Business Email Compromise or Email Account Compromise (BEC/EAC) has seen a surge in those types of attacks, now a “$26 billion scam.” These exorbitant losses have prompted the FBI and law enforcement to become highly versed in the nature of these scams and how they are perpetuated. Still, fraudsters are always using more cunning methods to successfully access sensitive information.

Business Email Compromise is on the rise

Account takeovers are a part of this influx in Business Email Compromise, though some also speculate that these account takeovers include data gathering, which is then used to create ACH files. The Association for Financial Professionals (AFP) survey reports that ACH credit scams using BEC rose from 12 percent in 2017 to 33 percent in 2018. 

BEC is a robust effort on the part of fraudsters, who target those in companies with financial credentials access through a variety of measures. This may include social engineering, or grooming, combined with network intrusions. It’s a patient effort and one that continues to rapidly develop as these efforts continually seek to evade law enforcement. These fraudsters can cultivate the appearance of a relied vendor or another business, and exploit those with access to financials to provide sensitive information.

Fraudsters do their homework

It would seem that most phishing scams are obvious and avoidable, but the ingenuity of hackers and the development of new technologies and tactics indicate that companies need to stay on their toes through protection and cybersecurity education. Those seeking to infiltrate accounts and information will take the time to even look at social media accounts and other marketing to understand the culture of a company.

Email fraudsters have become savvier at making payroll fraud schemes appear to be official direct deposit submission forms, and might include an email with details requesting changes to direct deposit information. When that information is provided, the information points to another account, often a prepaid card. For example, one type of email scam includes a link to a spoof login page. When employees input their credentials to this page, the fraudster can use this information to access other employees’ personal information. 

In other cases, the fraudster might not request a transfer of funds. Rather, they are looking to obtain W-2 forms and Personally Identifiable Information.

Even while fraudsters are developing new methods of getting in, they’re also developing new methods of getting away. Domestic wire transfers have become more common than international ones, as law enforcement is now savvier at detecting those transactions when they are international since there is a slight delay in processing. During that lag in time, law enforcement is able to step in and stop the transfer. 

In 2018, Operation WireWire, involving the efforts of the Department of the Treasury, U.S. Postal Inspection Service, and the Department of Homeland Security, a six-month mission which resulted in dozens of arrests across the globe, and helped to recover $14 million worth in fraudulent wire transfers. 

Steps for prevention

The efforts of fraudsters have a significant impact on the global economy. Learning how to stop these malicious attacks on your business not only helps to ensure your members’ well-being but contributes to a greater purpose.

Educate your employees: 

Give employees clear, actionable instructions for looking out for the following:

  • Mismatched emails or URLs that don’t represent the business or person it claims to be sent from;
  • Any misspellings or unfamiliar URLs should be an immediate red flag;
  • Get versed in the most common leading BEC email keywords used in 2018;

Steps you can take:

  • Enable two-factor authentication or use another channel to verify requests for account changes.
  • Monitor finances and note any irregularities, especially missing deposits. 
  • Update all systems and keep software patches on

Being the victim of BEC can be an enormous financial loss and blow to a company.

In our compatibility with various types of credit union software, we provide an advantage to a wider berth of credit unions. We help you to provide a sense of security to your customers. 

If you’d like to learn how you can stay protected against financial cybercrime, get in touch.

Read more about why credit unions are a common target of email scams.


A New Decade in Cloud Computing

The cloud will explode in 2020, and financial services will be at the forefront of this surge. In comparison to insurance and healthcare, financial services have seen the biggest growth in cloud computing adoption “beyond basic cloud maturity.” 

LogicMonitor’s Cloud Vision 2020: The Future of the Cloud Study reports that 83 percent of enterprise workloads will be in the cloud by 2020. In 2020, People’s Choice Credit Union aims to be fully-digital

Gone are the days when credit unions had to worry about data storage sizing. The advent of cloud computing means that capacity is no longer a problem. 

But how can you ensure that cloud computing will be successfully incorporated into your business? How will you ensure that your members’ data will be safe?

Cybersecurity and the cloud

Cybersecurity developments in the cloud have been prepared for the potential of attackers. 

It’s understandable to be wary about the switch to cloud services when financial industries like credit unions often see data breaches. However, many misconceptions about the cloud are cause for delay in using it. In fact, research has demonstrated that cloud systems provide more security than traditional IT systems.

Benefits of cloud computing backup 

If your IT staff is fielding security breaches and abandoning other important tasks, the switch to cloud computing can help to prevent those intrusions and liberate your staff to focus on other efforts of value, such as member-focused solutions. 

Continually monitored, updated, and audited, layers of protection with the cloud system help sensitive information to stay safe. Security is a full-time gig, and your IT team won’t be able to focus on efforts of greater value if they are continually faced with issues related to cybersecurity. 

Disk-to-Disk solutions, for example, can be an effective measure in data organization and potential recovery. Agile and scalable, cloud computing can help to open up new markets as well.

Adapting to the cloud computing system

Don’t assume that the switch to cloud computing alone is safety measure enough. Proper implementation of the cloud and assistance along the way can ensure that your layers of protection are secure. 

We can help with transitioning your team to this type of system, and your employees will be able to shift their focus to efforts that improve the member experience. 

For companies that work with a large amount of sensitive information on a daily basis, cybersecurity will always be one of the biggest concerns. When you’re looking to implement a system to bolster your cybersecurity efforts, it should be a complex, multilayered approach. We can help to guide you throughout this process and ensure that you’re taking the correct steps.


Cybersecurity Developments in the Cloud

 

For some CU executives, cybersecurity is a topic that causes them to lose sleep at night.

With 2020 looming ever closer on the horizon, it’s important to be aware and prepare for the inevitability of cyber attacks on financial institutions. Cyberattacks are becoming more powerful, intricate, and in even more instances, automated. Financial institutions must now prioritize cybersecurity.

Most credit unions don’t have the strongest security systems, nor do their employees have the adequate skills and training to assess threats properly. The anxiety of CU executives largely stems from the need to catch up with these threats and adapt systems that anticipate the sophistication of these attacks and the signs that they could be experiencing a threat.

Making the switch to cloud computing 

Misconceptions about cloud computing can prevent some CU leaders from making the switch when they should. However, private cloud backup and hosting can significantly improve the nature of your disaster recovery system. By backing up your data to the cloud, you’ll be giving yourself a safety net should a data disaster strike.

Benefits of Backup:

  • With centralized configuration, you won’t be storing unnecessary data. You can specify what data needs to be backed up, rather than chipping away at your valuable investment. You’ll only secure your data the way you prefer.
  • With IMS, we leverage Disk-to-Disk solutions which help you to organize your data and easily recover it. 
  • IT Departments can free up their time to focus on more member-facing solutions, rather than maintaining a server at a physical location. 

Many believe that their cloud security is safer than it actually is. 

Once upon a time, credit unions stored their data in remote facilities. With one physical location, the risk was much more significant. Now, data is largely safe from many potential risks. However, cybersecurity threats remain one of the hottest topics concerning financial institutions, and active security management must meet the gravity of these risks.

When cloud security is properly implemented, there are many benefits to this type of system. When cloud security sees human error in configuration, this means there are gaps in the system that need to be adjusted.

If you’re running with a lean IT staff, it could be beneficial to add layers of protection to your system. Secure cloud computing measures free up IT resources to focus on providing more member value. 

Still, cybersecurity is a complex, layered system, and requires significant time and effort. Let us help guide you along the way. 


The Difference Between Credit Union Disaster Recovery And Business Continuity Planning

Most people use the terms “business continuity planning” and “disaster recovery” interchangeably, but they are two completely different strategies that organizations use to protect operations and bounce back from a disaster.

What are the main differences between business continuity plans and disaster recovery plans anyway? While the exact answer varies depending on who we ask, the general rule goes:

  • A Business Continuity Plan (BCP) consists of a series of protocols made to make sure that an organization can continue operations during a disaster. It answers the question: “How can our credit union remain operational during a disruptive event?”
  • A Disaster Recovery Plan (DRP) is often a subset of BCP and refers to the processes and tech needed for recovering from a disaster. It specifically pertains to recovering lost data and restoring failed infrastructure. This answers: “How does our credit union recover when a disaster strikes?”

Think of a BCP as a general strategy that businesses put in place to be able to continue operations with minimal disruption during a disaster. A DRP is much more specific. It’s a plan to recover the applications, data and other components that allow your organization to operate should your servers or data center get damaged or destroyed. 

Why are both Business Continuity Plans and Disaster Recovery Plans important?

Now more than ever, credit unions have to guard against a number of threats that can hinder operations. Aside from natural calamities such as earthquakes, fires, hurricanes, or floods, you now have to protect yourself from man-made threats such as cybercrime and attacks from competitors or disgruntled employees. Without both of these plans in place, your credit union may face severe consequences.

According to a study by FEMA (Federal Emergency Management Agency), “following a disaster, 90% of smaller companies fail within a year unless they can resume operations within 5 days.” Without comprehensive plans for preparing for these events, financial institutions are wide open targets.

By focusing on creating and regularly updating both business continuity planning and disaster recovery planning, leadership can make sure that their credit unions can weather through these events.

How do BCPs and DRPs overlap?

In actual use, both plans are referred to when describing an organization’s disaster preparedness. However, it’s very important to remember that a comprehensive business continuity plan will always have a disaster recovery plan built right into it. Think of your BCP as a master document that covers all aspects of your credit union’s disaster prevention, management and response, including the necessary recovery protocols. You can’t have an effective business continuity plan without tackling how your credit union will recover from different kinds of disasters.

Are you ready to fully prepare your credit union for any potential disaster? IMS has your back. Learn more about our Business Continuity Planning and Disaster Recovery solutions!


3 CyberSecurity Issues That Credit Unions Need To Watch Out For

Is secure disaster recovery one of your credit union’s priorities this year? Now more than ever, financial institutions should place higher importance on resilience after cybersecurity incidents, IT failures and severe weather events.

The majority of the context for disaster recovery planning involves the types of disasters your credit union wants to defend against. Previously, we would see IT outages, power failures and natural disasters as the top three threats to watch out for. However, over the past few years, the likelihood of a cyberattack occurring is more dominant than anything else on the list. This is why secure disaster recovery should be a priority.

While they almost feel equally disastrous, blackouts and floods aren’t on the same level as cyber criminals who are proactively looking for ways to breach your credit union’s defenses. Criminal organizations have been increasing the frequency of their attacks, their use of automation tools, and improving their social engineering tactics to raise their chances of successfully attacking certain industries and organizations.

Data breaches and disaster recovery planning go together. Cyber criminal groups are extremely aware of the security measures that vendors are implementing. Take a look at 3 cybersecurity issues that should drive your credit union to prioritize disaster recovery:

  • Ransomware

Unfortunately, this type of attack is stronger than ever, especially in the credit union industry. According to the Beazley Breach Response Services team, the number of ransomware attacks ballooned in the first quarter of 2019, reporting an increase of 105% in the number of attacks against clients compared to last year.

Hackers are also doubling down by implementing ways to stop IT departments from recovering by either incorporating a “ransomware attack loop” or compromising your backups. This technique is specifically designed to attack your credit union’s ability to recover. 

  • Compliance

More and more compliance laws are taking effect and your credit union needs to act now. GDPR and the Ohio Data Protection Act are currently in effect, while the California Consumer Privacy Act follows next year.

These laws work to protect customer privacy and require similar protection around the integrity and security of their data. This directly affects your disaster recovery strategy around making sure that you can restore security and the data itself back to a usable state.

  • Island hopping (targeted attacks)

This advanced technique involves cyber criminals gaining access and control over systems, user emails and accounts in one organization to be used to commit data theft, fraud and other crimes in another company. For most cases, hackers create entirely new accounts and separate emails as part of their strategy. So even if your credit union is not the target victim of a group, the cleanup involved after being part of a data breach includes securely returning the company’s data and systems to its right state.

Compliance standards and cyberattacks require organizations to plan well in advance for these types of disasters. IMS’ Disaster Recovery services ensure that in the event of any unforseen event, your credit union will be able to quickly resume operations. 


Credit Union Promotions To Increase eStatement Adoption – Part 2 of 2

The biggest obstacle to promoting credit union eStatement adoption and convincing members to enroll is knowing how to properly address their needs, attitudes and preconceived knowledge. This is why the most effective promotional campaigns focus on respectfully educating members about eStatements, helping them shift their attitude in a positive manner, and reassuring them that everything they need in paper statements can be found in eStatements as well. 

Take a look at some successful approaches that have been adopted by credit unions nationwide:

Incentives (Freebies & Promotions)

Let’s face it, freebies and prizes are extremely popular with the majority of consumers. Some financial institutions give away small, personalized prizes such as umbrellas, flash drives, mugs or even free checkbooks to those who switch to eStatements.

Sustainability Approach

This strategy is more effective than you might think because it also helps your brand leave a positive mark on your members and community. Pushing for more environmentally-friendly services invites members to join you in your efforts to improve the environment. 

While this approach is more motivating for some people and not motivating at all for others, there is still another angle you can address to help the latter form a positive attitude toward going green. Removing paper statements helps members cut down on clutter and also reduces the risk of identity theft. 

Tie up these efforts with your CSR by offering to plant trees for each member who switches to eStatements. This type of promotion works exceptionally well during environment-related holidays such as Earth Day in April.

Educational Angle

The first question you should answer is whether or not customers are even aware that you offer eStatements. Advertise the program on the back flap of your printed statement envelopes so they’re difficult to miss. Develop in-branch posters and encourage Member Service Representatives to talk to clients about it in a casual manner. 

Addressing Their Needs

One of the biggest fears that members have, particularly those who aren’t familiar with eStatements, is that the latter won’t have the information that they’re used to seeing in paper statements. Designing your eStatements to look like the printed version is a great way to address this concern. 

Reassure your members that the only change they should expect is that they should now receive their statements much sooner compared to the paper version, that they can view it using any device, and that the statements are safely stored and archived for quick review whenever they need it. Soon enough, they will appreciate how easy it is to access these important documents in a few clicks compared to going through stacks of files.

Whatever you decide in order to promote eStatements to your credit union members, make sure to include an internal educational campaign for your employees as well. If they confidently know the benefits of eStatements, they’ll be ready to promote its adoption among members. You could also launch an internal incentive program for staff who successfully encourage members to sign up for eStatements!

Need a trusted partner to serve your credit union’s IT needs? We also provide industry-leading data center services, such as disaster recovery, colocation and much more. Contact IMS today: http://www.cusolution.com/contact/


Strategies For Encouraging Credit Union Members To Adopt eStatements – Part 1 of 2

Adopting eStatements for your credit union provides a wealth of benefits for you and your members. Convincing those who already subscribe to paper statements can be challenging, but the right strategy makes a world of difference. 

There are three primary strategies you can follow to enrol new and existing members in your eStatement program. Here are the pros and cons of each:

The Default Option For New Members

This strategy involves making eStatements the default choice for new members only. If they prefer having paper statements, they can choose to opt in. This approach works because people in general tend to go along with the default option. 

Choosing this strategy helps your credit union cut down on costs and has a positive effect on the environment without hurting customer sentiment since they can always switch. Make sure that you Member Service Representatives educate clients when opening new accounts so they aren’t taken aback.

The Voluntary Opt-In 

For some credit unions, making eStatements the status quo for new members may seem too radical. A safer alternative would be a voluntary opt-in approach. The success of this strategy largely depends on how well you market it to members and the various incentive programs you can use to raise awareness among them. If not, it’ll be very unlikely that a significant number of members will make the switch without prompting.

The Mass Switch

A high-risk yet high-reward approach is to switch everyone’s default to eStatements. This option requires a lot of notice several months in advance and strong customer service efforts in order to avoid a backlash. While younger members might not even notice the change, less tech-savvy clients might get upset or confused. Make paper statements an optional choice for these types of customers.

Another option is to add a monthly service fee for those who choose to get paper statements delivered. One downside is that those who prefer paper statements might grumble at having to pay for something that used to be free.

IMS’ eStatements and eNotices solution speeds up the entire process of generating and sending statements to your members. It drastically cuts down on the time it takes to complete the process (and the equivalent cost!) as it already follows the format required by your print vendor. 

Additional benefits include instant notifications sent to members once a new eStatement is generated, easy access for your team, integration with your internet banking vendor, secure hosting of notices, member statements, tax documents, and more.

Connect with us to find out how we can help you and your members transition to eStatements here: http://cusolution.com/contact or read our next blog post for more promotion strategies that will help increase eStatement adoption!