Alex Ricardo, privacy breach response manager at Beazley, provided some background leading up to his presentation at CU Times‘ virtual cybersecurity conference, scheduled for Sept. 7.
The virtual conference, Defending Your Credit Union Against Data Breaches, provides vital help in understanding and defending against evolving external and internal security threats.
“Beazley is a specialist insurer and the pioneer of breach response insurance,” Ricardo said.
Beazley, which provides an 11-year background of experience in managing more than 4,100 privacy/data breach incidents, not only provides risk transfer options for credit unions dealing with third-party liability, but also helps clients stay defensible from privacy/data breach incidents. Ricardo added Beazley aids within the assessment, investigation and response phases.
“It is in these phases, are where most of the liability exists for an organization,” he said. “A data breach is not always a disaster. Mishandling it is.”
What are the biggest data breach threats to credit unions?
Ricardo: Much like other organizations that own the personally identifiable information on employees as well as members (customers), most of the threat or liability extends not from lawsuits or regulatory investigations, but rather the lack of experience in properly assessing, investigating and responding to the privacy/data breach incident at hand. Many liability pitfalls arise in the course of those phases leading up to the possibility of lawsuits or regulatory investigations. With respect to causes of such incidents, we are seeing a surge with spear phishing, malware intrusions via social engineering tactics, ransomware and broken business practices such as improperly or lacking encryption practices on portable media devices.
What are some of the less obvious threats?
Ricardo: Some of the less obvious causes to privacy/data breach incidents include physical record loss, which accounts for 16% of such incidents. Rogue employees account for 10% of such incidents. Another less obvious, but significant cause is third-party vendors, which results in about 30% of such incidents. Under various privacy laws, the responsibility of the incident still falls to the credit union as the data owner, not the vendor.
How can credit unions protect themselves?
Ricardo: Beyond some of the obvious measures both from a network security and physical security prospective, the best course of action to protect against the liability that surfaces within a privacy/data breach incident is to have a robust data breach incident response plan as well as having proper employee education on privacy awareness. Not only do several regulations mandate such plans and practices, but having such preparedness initiatives in place reduce the likelihood of third party claims such as lawsuits and regulatory investigations.
Register for the free event here and learn how to better guard your credit union from today’s biggest threats.
