TAMPA, Fla.–There were 2,6,968,280 data records breached during 2017. That’s 7.125 million each and every day.
As disconnecting from the Internet isn’t a practical response for nearly everyone, the next question is, “How do we adapt?” according to one person.
A.J. Schwab, deputy chief information security officer with CO-OP Financial Services, said credit unions can best adapt by taking a number of steps that reflect the reality of the threat.
Speaking to a CO-OP Road Show meeting here that was hosted by Suncoast Credit Union, Schwab said identify theft was the number-one type of data breach (69%) that occurred. Of that, 71% of identity theft cases are from the outside the credit union.
But that leaves a pretty substantial internal threat, he observed.
“The one thing we do need to focus on is accidental loss and malicious insiders, which adds up to about 27% of breach incidents,” Schwab said. “This is part of the world we live in now.”
Schwab noted the costs of buying hacking hardware is now “stunningly cheap,” and that customized malicious software can be had for $50 to $100 to target individuals and get around the anti-virus scanners.
Knowledge Questions and Authentication
Moving forward, Schwab said there are going to be numerous challenges in the area of knowledge questions and authentication of users, with the old “mother’s maiden name” no longer even remotely effective at providing security.
“The effectiveness of account-based questions has been diminished with so many breaches,” Schwab said. “A creative approach is necessary. Involve the member, don’t be afraid to call them. Add barriers where possible to slow down requests until they can be verified. Credit bureau-based questions are also a problem today. It’s getting harder and harder to successfully authenticate people.”
Best Practices in Cybersecurity & ID Theft
Schwab recommended the following best practices to improve cybersecurity:
- Someone at the credit union needs to spearhead cybersecurity if there is no CISO.
- Always use the VPN if available before surfing the web or access applications.
- Initiate real-time account alerts for all account-based changes and follow up with U.S mail communication.
- Verify security updates to a PC before allowing them to initiate.
- Don’t underestimate the value in reporting unusual changes to a PC desktop’s appearance or performance to the IT department.