How to Mitigate Risk from Data Breaches at Banks and Credit Unions
Cyber-terror attacks continue to threaten financial institutions directly and indirectly. Most recently data breaches at Target and Home Depot, and malware directed at corporate banking accounts made major headlines. However, lesser incursions could be just as damaging. These threats heighten the need for financial institutions to utilize dynamic and protected credit and collections software to follow security compliance guidelines and maintain strong information security protocols.
The Identity Theft Resource Center (ITRC) defines a data breach as an incident in which an individual name plus a Social Security number, driver’s license number, medical record or financial record (credit/debit cards) is potentially put at risk because of exposure. This exposure can take place either electronically or in paper format.
Organizations of every size are under siege. Hacking probes attack major financial institutions thousands of times per day but countless small and mid-sized organizations and financial institutions take hits across the U.S., sometimes as a result of a breakdown along the value chains. “Small, local breaches may not garner the same headlines, but they can be just as damaging for smaller financial institutions like credit unions,” a NAFCU report read. “A wide majority of respondents (84.4 percent) were impacted by a local data breach during the last two years.”
This expanded protection becomes even more important as organizations move to a more distributed environment and cloud computing. Banks and credit unions need to have a strong IT strategy and efficient collection compliance operation in place.
In going over where there might be vulnerabilities there is more to consider than first meets the eye, especially in the credit and collections area.
Is Your Financial Institution at Risk?
How do these breaches occur? It could be from accidently giving out a password, being spear-phished (an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data), a lost or stolen USB, mishandled files, or leaving a backdoor (or front door) to the network operations center open for a cyber-thief to enter.
The level of sophistication is penetrating into networks and third-party access also rises with the complexity level of technology. Nevertheless, a massive 91 percent of cyberattacks and the resulting data breach begin with a "spear phishing" email, according to research from security software firm Trend Micro.
In published reports, Michael Bruemmer, vice president of Experian's data breach resolution group, 80 percent of the breaches his group works with "had a root cause in employee negligence."
Given the current tempo of technological evolution it’s even more important that financial service organizations become proactive rather than reactive when it comes to cyber-protection of the collections data and understanding collection compliance.
How to Protect Yourself
For financial institutions, start by evaluating security measures currently in place along the entire supply chain. This means looking closer at possible compliance issues and third-party services as well because, not only are hackers looking for holes, so are the regulators who are holding financial institutions accountable for end-to-end risk.
Financial institutions sometimes fall prey due to careless security procedures from third-party vendors. Hackers who scan the Internet for vulnerable systems simply need to find the weak link.
In addition to providing the right technology, IBS offers clients with ongoing and dependable training for your staffs. Our Online Self-Guided User Training Modules provides interactive training at no additional cost to support IBS clients, allowing platform users to take the online classes based on their availability.
New bank collections software with improved technology and security increases data protection. The right powerful software also checks for possible compliance issues.