2024 Strategic Summit

Financial institutions today are facing an unprecedented barrage of cyber threats. Constant dangers materialize, from high-tech hackers to old-school phishing and spam. For Cybersecurity Awareness Month, the team at Catalyst Corporate has recaptured Gene Marks’ 12 safety tips shared during his 2022 Economic & Payments Forum presentation, Cyberthreats – Strategies & Tech to Protect Your Business.

When it comes to cybersecurity, it’s important to ensure the “little things” are secure. When focusing on one solution, we can inadvertently put ourselves at risk, despite having good intentions. Security is a cumulative case effort, meaning we should compile many different security measures to create a headache for cyber criminals who want to exploit our information.

Gene Marks gave these 12 tips for increasing security to help your credit union up its game for Cybersecurity Awareness Month:

1. Training

There are many great services that train employees to spot the latest cyber threats. “The number one, biggest thing you can do to protect yourself, both professionally and personally, is make sure you get trained,” said Marks. Services like KnowBe4, SANS Security Awareness and Barracuda are all cybersecurity awareness training services designed to educate and teach business employees to combat threats.

2. Security software

Security software isn’t the slow, almost virus-like software it used to be. Modern services are fast, efficient, and pretty reliable at keeping your computer free of viruses. The downside to virus protection software is it is reactionary. Software must be up to date before it can detect the latest threats.

3. Password management

Password managers are encrypted “vaults” that house all your passwords. They can still be hacked, but “the key is they give you access to complex passwords.” You cannot remember a strong password to every account you own, but a password manager will allow you to use unique, strong passwords more consistently.

4. Multi-factor authentication

This measure is a must-have for “every one of your personal and your professional accounts.” The multi-step process requires you to get a code from your phone before logging in to your account. One weakness, however, is that malware still has the potential to infect your phone, allowing hackers to see the issued code as you receive it on your phone.

5. Backups

Backups work behind the scenes to copy your data to a different location in the event you need to restore a device. If you lose something, a backup has you covered.

6. VPNs

A virtual private network, or VPN, creates a secure connection for you to use the internet safely, whether you are at a coffee shop or staying at a hotel. Marks offered up security advice when traveling, “The best thing you can do is use the wireless hotspot on your phone.” Your phone hotspot has a VPN built into it.

7. Managed service providers

Marks touted the value of having data hosted by a reliable third party. “You shouldn’t have anything stored locally at your business. Managed service providers exist to help keep you safe. It is their job to handle things like encryption and backups.”

8. Operating system upgrades

Always upgrade operating systems as quickly as possible. Typically, operating system updates are almost entirely comprised of security fixes. Many bots are specifically looking for computers running old operating systems.

9. Home router configuration

“Home routers are extremely insecure,” Marks noted. Keep your router updated and ensure you have a complex password.

10. Cyber-insurance

Make sure there is a clause in your contract that includes business interruption and liability protection. Many basic plans have weak language, and this is a major negotiating point for your organization.

11. Internal controls

The same employee performing every step of a process is a security issue. Marks highlighted the importance of internal controls, saying, “You need to have segregation of duties.” Segregating duties strengthens internal security, protecting against compromised accounts or fraud.

12. Consider biometrics

Biometric security verifies people’s behavioral and physical characteristics to identify them. Various biometric recognition devices are available now, and the industry will continue heading this direction.

Cyber risk is not confined to large institutions with major budgets. Credit unions of all sizes and sectors are equally at risk. Which security resources will your credit union implement?

You can access Gene Marks’ session to review tips or software recommendations on-demand via ON24.