How can members sift through the hype and warnings to determine which security threats are real? Here are four things every credit union should do to increase accountholder online security.
Tom DeSot, CIO at San Antonio, Texas-based Digital Defense, Inc., who compiled the list, said “Once completed, they are also items that the credit union should share with their examiners and auditors to illustrate how serious the credit union takes the safety of the membership and their accounts.”
1. Online education. Probably the easiest and most cost-effective way credit unions can convey what a member needs to protect themselves online. “There are still members that have never used an online service who are signing up to use home banking and bill pay services for the first time.” These members would greatly benefit from guidance on how they can protect themselves. Training topics credit union should consider include: how to construct a strong password, protect yourself from viruses, avoid falling for phishing emails and prevent identity theft. Make the information available in an online format as well as in printed brochures. “Remember, even if a member is using an online service, they may prefer to have hard copy training materials to refer back to over time.
2. Block/alert on the use of out-of-date browser software. Keeping software, including web browser software such as Internet Explorer, Safari, Chrome, or Firefox up-to-date is also critical to ensuring that the member has a secure interaction with the home banking system. “Unfortunately, many people loathe updating the software on their computer due to the time and perceived inconvenience that the practice imposes.” As a result, the member may be unknowingly placing themselves, their account, and even their identity at risk. Adding warnings on the home banking main page alerts members to the risks their out of date programs presents to transaction security.
3. Be conspicuous about credit union security practices. When a member enters a branch, it is typically easy to determine physical security practices. Unfortunately, most home banking security is not so obvious. The credit union needs to conspicuously provide descriptive security information such as the latest in firewall, intrusion prevention, and anti-virus technologies. However, do not provide too much specific details, such as the brand and model of firewall, which might actually help a would-be attacker.
4. Be clear on what a member can expect from the credit union. The member may not understand what questions credit union staff may require during an interaction. As a result, the member may fall prey to phishing or vishing attacks where attackers pose as staff and ask about member account numbers, passwords, and PINs. To combat this issue, the credit union needs to clearly identify with the membership about what they will and won’t ask, via email or phone.
