A consolidation of our past Blogs on Credit Union ComSec
Ensuring your credit union remains a trusted financial partner starts with a foundation of internal and external integrity. As digital threats evolve and regulatory expectations heighten, a strategic focus on credit union communication security (ComSec) has become the cornerstone of protecting sensitive member data and maintaining operational continuity. In this consolidated guide, we bring together our essential research on the protocols, technologies, and training methods necessary to harden your institution against interception and unauthorized access. By centralizing these insights, we aim to provide a clear roadmap for executives looking to modernize their security posture while upholding the high standards of privacy and trust that define the cooperative movement.
Credit Union Comsec
Confidentiality, Communications Security and Other Issues That Put Sensitive Info at Risk
ComSec are the protocols put in place to secure the communications and data of an organization. Credit Unions handle tons of personal data, millions to billions of assets, and must comply with an ever-evolving and changing regulatory landscape — so credit union ComSec is a concern for all credit unions.
The digital age grows stronger every day, and with innovation comes breaches and security threats testing the boundaries and strength of each new step forward. With the growth in technology and widespread information sharing, financial institutions need to keep up with the movement and continuously be aware of the current security state. Gone are the days when safes and locks kept the gold in one place, and physical evidence was needed to prove identity.
Trust
As a primary institution, members rely on credit unions to protect their valuable assets from the growing dangers of identity theft, breaches, fraud, etc. … The protection begins in-branch with tightening operations to a lock and key level, starting with security protocols and placing restrictions on documents and member information so that it is not treated like an old newspaper. We can’t forget about moments like Wendy’s data breach.
We do not realize how accessible internal and personal information is to inside and outside threats. A simple document may contain valuable information like birth dates, social security numbers, maiden names, etc.. The disposal and treatment of this common document are treated as such. Placing disposal protocol on information-sensitive documents protects your FI and your members.
In today’s society, a released phone number can create months of spam calls and even fraudulent phishing scams to individuals. Even basic member information can be used against them in the wrong hands. It is the responsibility of your credit union to create a safe storage space for their assets, both monetary and identity.
Credit Union Employee ComSec
Building on a more secure physical workspace starts at the employee realm. Have organized workspaces, and keep documents in the right place for certain needs. A messy desk can turn into a quick toss of member-sensitive documents for the purpose of clearing space. Organizational systems create a sense of order and security for employees and members.
Creating a hierarchy of accessibility can be a spearheaded plan for identity protection. Not all of your credit union employees need access to member information and documents containing it. Continuing the organization into tasks — the credit union employees that complete tasks using certain documentation are the only people who need access to those documents. This creates a lowered risk of lost documents and the spread of information.
Beyond the physical branch, accessibility restriction for digital systems is of utmost importance. So many attacks are digital, and it is important to keep system data fully secured and protected. Always keep devices and applications password protected with unique and varied passwords — Check in with core processor vendors and data linking companies to ensure security integrity.
Above all, the best way to protect your members is by helping them to protect themselves. Distribute fraud security tips with new accounts as well as reminder emails to update your members about current scams and threats. This effort not only protects your members but also builds trust and loyalty between members and FI.
Oak Tree offers compliant solutions to data linking for complaint lending and works with every data processor for smooth and simple integration. We also offer marketing services to help your credit union reach your members and share fraud security tips, tricks, and event updates. Contact us today to learn more.
Credit Union Information Governance
Is Information Governance Important to Credit Unions?
What do you know of credit union information governance? Nothing is more important to a credit union than compliance One of the biggest components to this is information governance. This term may not be so familiar to those outside of the financial sectors or corporate cultures. It is something that has become more important with each passing day. Every company, especially credit unions, must contend with so many issues. A myriad of ever-changing laws, compliance issues, competition, economic uncertainty, and the malicious hackers and criminals that are always a danger to their assets, which contributes to growing concern. Information governance is nothing more than the protocols put in place for any organization to keep its information secure, yet usable. It is being meticulous and disciplined in the collection, management, and output of any information or data in a corporation.
As more credit unions expand their use of fintech, we see a need for them to also bolster their practice of information governance. This has led to the growing need to be more careful with the bulk of data that has been collected. Especially as more states and even the federal government have begun to craft new regulations and controls on how such data can be used, how it must be curated or stored, and of course how to handle the liability issues if an organization is breached. Then there are also the resources used to collect, store, and safeguard this data as a cost to the corporation in comparison to the lifecycle of its usefulness or reliability.
Credit Union Liability Issues
Besides liability issues or the need to stay compliant, we have also seen that when credit unions craft and implement more stringent and careful protocols for their information governance it comes back to that very important shareholder — the member. Protecting the information on your members is also about protecting them from fraud and other abuse. It gives them confidence in your institution when they know that their information can be trusted with your credit union. This is just one more way to build that goodwill and reputation that helps every company survive through the most severe of situations.
There are many instances where it may seem that the data you have is at risk, and this can be very true when dealing with vendors. Oak Tree has been a trusted vendor and we completely understand and respect the need for such controls on sensitive data. Staying compliant doesn’t just mean being aware of the law, it is meant to protect all of us and allow us to feel accommodated.
Properly Securing Data From the Inside Out
“Cyber”- everything is pouring down upon us every day now, and today’s no different. Let’s look at properly securing data from the inside out, because regardless if you are a credit union president, teller, member, or not; even in the CU Community — it pays to be prepared.
The latest scam, fooling you in the midst of your day-to-day normal activities, seamlessly merging themselves into your everyday existence, only later do you figure out (usually once it’s too late), that someone infiltrated your daily flow & grabbed permissions from you, without you even realizing it.
The New “Normal”
This is happening today. It’s the new “norm” of scam artists.
So, beware, there are no 2nd chances. It’s similar to pickpocketing in public. Someone distracts you with a diversion (a yell, a friendly conversation, a staged argument off to the side, something that grabs your attention). Then, in a split second, your belongings are gone!
In the digital, cyber world, this comes by way of a familiar-sounding email from what appears a familiar-sounding, trusted source. You reply easily enough (and quickly, because that’s how we’ve trained ourselves) and inadvertently give out an important piece to the puzzle. And, if that’s not enough, another day comes along another innocent enough outreach, and, oh my, another piece of the puzzle. At that rate, it doesn’t take long for all needed pieces of the puzzle to end up in the wrong hands, and they are now “accumulating” your data. Then, seemingly out of nowhere, BAM, the wheels get set in motion and all hell breaks loose. Your balances go down, your credit cards get declined, strange email password change verifications begin to show up in your inbox, text messages with verification codes appear on your phone, your house or car gets burglarized, and, and, and…..
What’s Next?
At that point (after the chemicals in your brain settle down), you’re in full damage control. Calling your bank [credit union], changing passwords, getting cards shut off & reissued, reviewing your credit report, and that list goes on, and on, and on!
In the workplace, maybe you’re giving out details about coworkers, management, what time you/everyone arrives in the morning, leaves in the evening, what days off you or others have, etc. Or, maybe you unknowingly dish out your workstation or email password(s), the type(s) of systems in place, who’s in HR, Admin, Accounts Payable, Accounting, etc. Then, innocently enough, you’ve given scammers those important puzzle pieces they’re after to begin scamming your employer. Not good for that promotion!
Prevention is Key
“Prevention” is now the word of the day. Change those forever used, often shared passwords & passcodes, and tighten your ship. Stop giving certain permissions to ANYONE. If you do, change passwords & passcodes, again, and again and again. STOP using password files that hold your passwords. If you have password files, make certain that your passwords are complicated and the contents of those files only contain “reminders” that will trigger your memory of the complete/full password(s) or passcode(s). DO choose double authentication wherever possible. This is the key to Credit Union Communication Security.
Then, BEWARE the scammers are much, much better at what they do, and getting better every day! To them, it’s their “work.” They specialize in making daily progress until they have what they need for when they feel the time is “right.”
STOP!
STOP yourself (as in slow down just a millisecond), give yourself that one & only chance to ponder if you’re really confronted by a trusted source or a scammer. Then, proceed only if and to whatever degree you feel comfortable. Those “voices” in your head are usually accurate, if you get “that feeling”, shut it down, think it through and come back to it if necessary. Then, report it, right away. Sometimes (maybe oftentimes), no one wants to listen. Make them listen! Get to an interested party. You may end up blowing an important whistle that stops countless others from doing so much harm. Your voice matters and you could end up saving so many others from being victimized!
So, here’s to keeping the future prosperous by thwarting would-be scammers by choosing NOT to give them a helping hand. Remember, Oak Tree Business Systems has been serving credit unions by providing compliant forms, disclosures, and lending documents solutions in a time and cost-saving manner for over 40 years. Learn more about credit union membership and lending forms packages here or contact ClientServices@oaktreebiz.com for more information today.
The Equifax Breach & Your Credit Union
In a commentary article posted on American Banker (formerly the CU Journal), our CEO, Richard Gallagher discusses how important cybersecurity is for credit unions or anyone in the financial industry. Specifically, he looked at the Equifax breach and your credit union as far as how it can be affected by this breach and similar exploits.
The world of identity theft shifted a bit on Sept. 7, when news broke that hackers had infiltrated the Equifax consumer database. It’s estimated that somewhere around 143 million consumers were affected. This means vital information like names, dates of birth, social security numbers, and credit card information could potentially be up for grabs. And while it’s sobering to think that all of this data could be sold to the highest bidder, the response by Equifax seemed to further complicate the matter.
The website, www.equifaxsecurity2017.com, was set up by the credit bureau to assist consumers with ascertaining whether or not their information had been compromised. However, the official Equifax corporate Twitter account redirected consumers to a fake phishing site for a while before the tweets were noticed and removed. Once the mistake was realized by Equifax, the phishing site was taken down. It was a step by an engineer to bring perspective to the issue of just how dangerous and unnerving the security breach is.
Richard Gallagher
To read more about cybersecurity and your credit union go check out the American Banker article and then check out our compliant lending documents for your credit union.
(note: this is an older blog entry and has been edited since originally posted.)
