WASHINGTON—Credit unions that use a virtual private network (VPN) as a means of security may actually be putting member data at great risk due to advances cyber-thieves have made and mistakes by staff, according to one expert.
Tony Busseri, CEO of Route1 here, also suggested that many small credit unions are not moving away quickly enough from VPNs, making them bigger fraud targets.
Busseri, whose company offers the remote communication solution MobiKEY, termed VPNs “antiquated technology.”
“VPNs, any more, do not provide the credit union with a way to remotely work with partners and employees in a secure manner,” said Busseri.
Busseri explained that a key problem with VPNs—and the corresponding opportunity for crooks—is that they allow the CU’s data to go outside the firewall. That, he says, often leads to human error.
“The large majority of data breaches are triggered by the fault of a human being, whether that be lost laptops or flash drives. Trying to remove the human weakness is a critical component of any cyber security strategy,” he said.
Busseri said the critical point is that the CU always wants its data to remain behind its firewall.
“Step one, I would say the credit union should develop a rule that says we will not allow our data to go beyond our firewall, even if it is encrypted,” said Busseri. “There are ways you can use data without it actually coming to where you are.”
He cited solutions, of which MobiKEY is one, where users, via a secure protocol, access a company’s data, but the data does not move outside the firewall.
“It appears as if you have that data right with you, on your computer, but you are actually working from the computer at your desk,” explained Busseri. “What you are seeing is an encrypted picture using your PC keyboard remotely. But nothing is happening on that remote asset. Essentially you are using your laptop as a dummy keyboard.”
Busseri noted the technology is used by many government agencies use, including the Pentagon.
“And it is less expensive than VPN,” he said.
Busseri said that the approach, too, allows the credit union to do a better job of keeping its eyes on its data, who is using it and in what manner.
It is time more small credit unions consider the option, said Busseri, who fears many either don’t know about the technology or will move too slowly.
“They are making it easier for hackers to get inside their networks, which can be an issue with small businesses,” he said.