3 Cybersecurity Tips During COVID-19

A crisis is not the time to discover that your backup and recovery solutions do not work.

The current climate of COVID-19 leaves many credit unions vulnerable to fraudsters stealing personal information, money, transaction records and other valuable data. Recently, the FBI reported that there is an increase in business email compromise (BEC) scams that targets anyone who performs legitimate fund transfers. BEC frauds are targeting municipalities that are purchasing supplies and personal protective equipment needed during the pandemic.

Hackers and bad actors are preying on consumers as online buying and digital payments increases during this time of social distancing. Additionally, staff shortages, teleworking and unavailable workers makes it harder to sustain business operations. Any loss or data theft can jeopardize the reputation of your financial institution, damage relationships with members and put your business at risk. Credit unions must be prepared for any illicit financial activity that occurs, similar to other disaster recovery protocols.

To protect your business before disaster strikes, ensure there is a reliable recovery process in place. Here’s where to start:

  • Identify gaps in security. Test data before disaster strikes to provide recovery assurance and identify where there are areas of vulnerability. Tape backups are fragile and subject to damage, theft and destruction. Plus, they involve multi-step procedures that are susceptible to human errors. With more employees working remotely due to social distancing, can you rely on a system that requires scheduling jobs and transporting tapes between multiple locations? 
  • Businessman working from home on computerProvide secure remote and branch office solutions. Having multiple remote office and branch office (ROBO) sites pose challenges when it comes to data protection. There are employees that are reliant upon remote access to do their jobs and need their own data backup. There may also be an increase in the number of cyber attacks on computers, equipment and unprotected networks as employees work from home. Ensuring resources are available and secure through virtual desktops is also key to having a productive workforce without sacrificing security and control.
  • Maintain continuous protection. Using multiple hardware and software components for backup solutions can bog down efficiency. Tapes fail and it’s an inconvenience to drive to the credit union to replace them. Simplify backup and recovery with hybrid cloud environments that lets you manage all your data through one responsive interface. Not only can you recover files in the cloud with a few clicks, you can also manage the frequency and duration of backups. Your credit union will spend less time manually configuring jobs with an automated system.

Now that credit unions are transitioning to conducting more business through virtual means, it’s important you’re using the best systems for backup and disaster recovery. Fraudsters will make every attempt to steal valuable information so your data must be secure, accessible and backed up regularly.

One of the best decisions you can make is to work with Integrated Management Solutions who understands the value of your data. Let’s talk about the right solutions for your credit union.


Rising Trends in Email Scams and Phishing

From large to small, the financial services sector is often the target of email phishing schemes and other malicious attacks, and credit unions are no exception. The FBI reports that Business Email Compromise or Email Account Compromise (BEC/EAC) has seen a surge in those types of attacks, now a “$26 billion scam.” These exorbitant losses have prompted the FBI and law enforcement to become highly versed in the nature of these scams and how they are perpetuated. Still, fraudsters are always using more cunning methods to successfully access sensitive information.

Business Email Compromise is on the rise

Account takeovers are a part of this influx in Business Email Compromise, though some also speculate that these account takeovers include data gathering, which is then used to create ACH files. The Association for Financial Professionals (AFP) survey reports that ACH credit scams using BEC rose from 12 percent in 2017 to 33 percent in 2018. 

BEC is a robust effort on the part of fraudsters, who target those in companies with financial credentials access through a variety of measures. This may include social engineering, or grooming, combined with network intrusions. It’s a patient effort and one that continues to rapidly develop as these efforts continually seek to evade law enforcement. These fraudsters can cultivate the appearance of a relied vendor or another business, and exploit those with access to financials to provide sensitive information.

Fraudsters do their homework

It would seem that most phishing scams are obvious and avoidable, but the ingenuity of hackers and the development of new technologies and tactics indicate that companies need to stay on their toes through protection and cybersecurity education. Those seeking to infiltrate accounts and information will take the time to even look at social media accounts and other marketing to understand the culture of a company.

Email fraudsters have become savvier at making payroll fraud schemes appear to be official direct deposit submission forms, and might include an email with details requesting changes to direct deposit information. When that information is provided, the information points to another account, often a prepaid card. For example, one type of email scam includes a link to a spoof login page. When employees input their credentials to this page, the fraudster can use this information to access other employees’ personal information. 

In other cases, the fraudster might not request a transfer of funds. Rather, they are looking to obtain W-2 forms and Personally Identifiable Information.

Even while fraudsters are developing new methods of getting in, they’re also developing new methods of getting away. Domestic wire transfers have become more common than international ones, as law enforcement is now savvier at detecting those transactions when they are international since there is a slight delay in processing. During that lag in time, law enforcement is able to step in and stop the transfer. 

In 2018, Operation WireWire, involving the efforts of the Department of the Treasury, U.S. Postal Inspection Service, and the Department of Homeland Security, a six-month mission which resulted in dozens of arrests across the globe, and helped to recover $14 million worth in fraudulent wire transfers. 

Steps for prevention

The efforts of fraudsters have a significant impact on the global economy. Learning how to stop these malicious attacks on your business not only helps to ensure your members’ well-being but contributes to a greater purpose.

Educate your employees: 

Give employees clear, actionable instructions for looking out for the following:

  • Mismatched emails or URLs that don’t represent the business or person it claims to be sent from;
  • Any misspellings or unfamiliar URLs should be an immediate red flag;
  • Get versed in the most common leading BEC email keywords used in 2018;

Steps you can take:

  • Enable two-factor authentication or use another channel to verify requests for account changes.
  • Monitor finances and note any irregularities, especially missing deposits. 
  • Update all systems and keep software patches on

Being the victim of BEC can be an enormous financial loss and blow to a company.

In our compatibility with various types of credit union software, we provide an advantage to a wider berth of credit unions. We help you to provide a sense of security to your customers. 

If you’d like to learn how you can stay protected against financial cybercrime, get in touch.

Read more about why credit unions are a common target of email scams.


Cybersecurity Developments in the Cloud

 

For some CU executives, cybersecurity is a topic that causes them to lose sleep at night.

With 2020 looming ever closer on the horizon, it’s important to be aware and prepare for the inevitability of cyber attacks on financial institutions. Cyberattacks are becoming more powerful, intricate, and in even more instances, automated. Financial institutions must now prioritize cybersecurity.

Most credit unions don’t have the strongest security systems, nor do their employees have the adequate skills and training to assess threats properly. The anxiety of CU executives largely stems from the need to catch up with these threats and adapt systems that anticipate the sophistication of these attacks and the signs that they could be experiencing a threat.

Making the switch to cloud computing 

Misconceptions about cloud computing can prevent some CU leaders from making the switch when they should. However, private cloud backup and hosting can significantly improve the nature of your disaster recovery system. By backing up your data to the cloud, you’ll be giving yourself a safety net should a data disaster strike.

Benefits of Backup:

  • With centralized configuration, you won’t be storing unnecessary data. You can specify what data needs to be backed up, rather than chipping away at your valuable investment. You’ll only secure your data the way you prefer.
  • With IMS, we leverage Disk-to-Disk solutions which help you to organize your data and easily recover it. 
  • IT Departments can free up their time to focus on more member-facing solutions, rather than maintaining a server at a physical location. 

Many believe that their cloud security is safer than it actually is. 

Once upon a time, credit unions stored their data in remote facilities. With one physical location, the risk was much more significant. Now, data is largely safe from many potential risks. However, cybersecurity threats remain one of the hottest topics concerning financial institutions, and active security management must meet the gravity of these risks.

When cloud security is properly implemented, there are many benefits to this type of system. When cloud security sees human error in configuration, this means there are gaps in the system that need to be adjusted.

If you’re running with a lean IT staff, it could be beneficial to add layers of protection to your system. Secure cloud computing measures free up IT resources to focus on providing more member value. 

Still, cybersecurity is a complex, layered system, and requires significant time and effort. Let us help guide you along the way. 


3 CyberSecurity Issues That Credit Unions Need To Watch Out For

Is secure disaster recovery one of your credit union’s priorities this year? Now more than ever, financial institutions should place higher importance on resilience after cybersecurity incidents, IT failures and severe weather events.

The majority of the context for disaster recovery planning involves the types of disasters your credit union wants to defend against. Previously, we would see IT outages, power failures and natural disasters as the top three threats to watch out for. However, over the past few years, the likelihood of a cyberattack occurring is more dominant than anything else on the list. This is why secure disaster recovery should be a priority.

While they almost feel equally disastrous, blackouts and floods aren’t on the same level as cyber criminals who are proactively looking for ways to breach your credit union’s defenses. Criminal organizations have been increasing the frequency of their attacks, their use of automation tools, and improving their social engineering tactics to raise their chances of successfully attacking certain industries and organizations.

Data breaches and disaster recovery planning go together. Cyber criminal groups are extremely aware of the security measures that vendors are implementing. Take a look at 3 cybersecurity issues that should drive your credit union to prioritize disaster recovery:

  • Ransomware

Unfortunately, this type of attack is stronger than ever, especially in the credit union industry. According to the Beazley Breach Response Services team, the number of ransomware attacks ballooned in the first quarter of 2019, reporting an increase of 105% in the number of attacks against clients compared to last year.

Hackers are also doubling down by implementing ways to stop IT departments from recovering by either incorporating a “ransomware attack loop” or compromising your backups. This technique is specifically designed to attack your credit union’s ability to recover. 

  • Compliance

More and more compliance laws are taking effect and your credit union needs to act now. GDPR and the Ohio Data Protection Act are currently in effect, while the California Consumer Privacy Act follows next year.

These laws work to protect customer privacy and require similar protection around the integrity and security of their data. This directly affects your disaster recovery strategy around making sure that you can restore security and the data itself back to a usable state.

  • Island hopping (targeted attacks)

This advanced technique involves cyber criminals gaining access and control over systems, user emails and accounts in one organization to be used to commit data theft, fraud and other crimes in another company. For most cases, hackers create entirely new accounts and separate emails as part of their strategy. So even if your credit union is not the target victim of a group, the cleanup involved after being part of a data breach includes securely returning the company’s data and systems to its right state.

Compliance standards and cyberattacks require organizations to plan well in advance for these types of disasters. IMS’ Disaster Recovery services ensure that in the event of any unforseen event, your credit union will be able to quickly resume operations. 


Respond And Recover From Credit Union Cyber Security Incidents

As financial processes become even more reliant on current technology, regulations and restrictions on cyber security tighten by the day. In recent years, the financial industry in particular has gone through more than its fair share of security breaches. In fact, credit unions and other financial institutions with less than $35 million in assets accounted for a shocking 81% of data breaches just this 2016.

The fallout of these malware and hacking incidents resulted in stricter security policies and higher expectations for the data security of members, staff and businesses themselves. 

Credit unions have since been striving to develop a culture of cyber security that is deep-rooted in each stage of data storage and transit, including over networks and in-branch. While the National Cyber Security Alliance (NCSA) provides a recommended process for determining, protecting, and discovering potential security risks, it is crucial to have a plan in place if a breach should occur.

Below are a few considerations for responding to and recovering from credit union cyber security incidents:

How To Respond

As always, prevention is better than cure when it comes to cyber disasters. Having a recovery plan in place before such a calamity strikes is extremely important. But while a comprehensive cyber security protocol will protect against the majority of breaches, even the most stringent programs are not immune from attack. Preparing how your credit union will respond will help you work through these incidents with calm and confidence.

Directly after a security breach, disconnect affect networks and equipment to effectively take them offline. Contact your vendors or in-house IT staff to help assess the situation. Connect with your credit union’s legal representation as well to begin tackling any effects of the attack.

Being able to continue operations as usual can be your credit union’s lifesaver, so consider disaster recovery solutions that minimize downtime and help you restore your business as soon as possible. Lastly, make sure you are familiar with state data security laws before notifying the critical parties as soon as you can after a breach occurs.

How To Recover

Begin recovering from a cyber security breach by analyzing your credit union’s post-breach process. What did your credit union do well and what could have been done better? Take these observations and document them as needed improvements for security policies that you will communicate to your staff and incorporate into your current cyber security program. It can be very helpful to encourage further education and improvement of cyber security knowledge so your plan will be as effective as it can be.

Finally, your attention and resources should be directed to doing damage control to reassure members of their trust and confidence in your credit union. Security breaches aren’t just a negative incident for your credit union, but a moment of panic for your members too. They will need your reaffirmation that your institution is taking all the needed precautions when it comes to their data.

No two credit unions are the same, and this goes for their cyber security plans too. Depending on its size, different types and levels of security will be needed. Preparing for a cyber security breach is critical even for credit unions with exemplary security protocols. Don’t make the biggest mistake that credit unions can make when it comes to the security of their systems and member data: assuming that they are safe from cyber crime.


Black Friday vs Cyber Monday

Is One Better Than the Other?

holiday shopping 2018 IMSBlack Friday, or Cyber Monday? While there are obvious differences between the two – in-store vs online – there’s been a bit of a debate regarding which of the two will garner the best deals.

For some, having the option of skipping in-person, retail craziness is enough to sway them towards preferring Cyber Monday. For others, it’s a yearly tradition with family and friends; completing all holiday shopping before 8:00 am.

According to the National Retail Foundation, more than 174 million shoppers in the United States took to brick and mortar and online stores, from Thanksgiving Day through Cyber Monday 2017, spending $7.5B on Black Friday alone!

It is no secret that there are amazing deals on Black Friday and Cyber Monday. If you do a bit of research, you’ll most likely find fantastic finds, both online and in-store. According to experts, the better of the two depends on what you are interested in buying. So, let’s break it down and save some cash!

When to Shop for What

Believe it or not, depending on what you are shopping for can dictate when you should shop for it. There are specific items/categories that are usually priced better on one of the two days. While not set in stone, typically the following deals are seen:

Black Friday

  • Appliances
  • Grills
  • Televisions
  • Computers/Peripherals
  • General Electronics

Cyber Monday

  • Apparel/Shoes
  • Beauty Products
  • Travel Deals/Airfare
  • Apple Products
  • Gaming Systems
  • Discounts are often retailer-wide, as opposed to a specific product
  • Deeper discounts on leftover inventory from Black Friday

Do Your Research

Utilize email subscriptions from retailers you intend to shop with. Discounts for Black Friday and Cyber Monday are often emailed to list subscribers.

Use online tools and browser extensions to monitor the price of items you’re interested in.

Sometimes the second-best deal ends up being the better deal. You won’t be up against as many consumers and have a better chance of your item being in stock.

Cheaper isn’t always better. Sometimes there are features that aren’t included in the lowest priced models. Whether it’s a washing machine without a fabric softener dispenser or a television that isn’t as “smart” as you thought it would be, do as much research as you can when you have a specific model or item in mind.

Prepare in Advance

  • Whether shopping online or in-store, have a list of items that you are interested in purchasing.
  • If you’re purchasing online, make sure that you create an account prior to shopping, to expedite the checkout process.
  • If you’re shopping in-store, map your route to the different retailers and go in with a plan!

While some would rather brave the crowds and early morning hours, others prefer the convenience of shopping from wherever they like. Either way, there will be many deals available, and with a little preparation, you can save a lot of money!

Guard Your Information

Whether shopping at retail outlets or online stores, be mindful and observant of your personal information. The holidays are a busy time of year for identity thieves and cybercriminals, so be vigilant and smart.

  • Make sure that any website on which you are providing ANY type of personal information is secure. Look for a padlock next to the URL in your browser’s address bar. If you don’t see that, don’t share any personal information and do NOT provide any type of financial or payment information.
  • Check your credit card and bank accounts early and often. Many banks will show transactions within moments of occurring. As your bank or financial institution if text message alerts are available to customers, to be notified when a purchase is made.
  • Protect your packages! Thieves have no problem stealing packages from the porches, stoops, and mailboxes, of others. If you already have a security system in your home, ensure that a camera is focused on any areas that packages or items of value may be left.
  • Track your package shipment process through text messages. Most package carriers and shipment facilities offer text alerts and updates to recipients at no cost. This makes it easy to see where your package is in the shipment process, and if it was delivered.

Remember the reason for the season when you’re out shopping, or browsing online. Enjoy your experience, find great deals, and have a wonderful holiday season!

From all of us to all of you, have a wonderful and joyous holiday season!!

The Team at IMS