What's scary enough to keep credit union leaders awake at night? Forget the ghosts and ghouls – how about fraudsters, hackers and countless other cyber threats? In honor of Cybersecurity Awareness Month, Credit Union Journal has focused on those issues and more throughout October. What follows is a sampling of that coverage.
J. Mark McWatters, acting chairman of the National Credit Union Administration, listens during a Senate Banking Committee hearing in Washington, D.C., U.S., on Thursday, June 22, 2017. Top U.S. banking regulators are sprinting to ease the Volcker Rule, stress tests and other constraints on Wall Street after the Trump administration issued a long list of proposals last week for rolling back post-crisis financial rules. Photographer: Andrew Harrer/Bloomberg
McWatters in the hot seat
National Credit Union Administration Chairman Mark McWatters kicked off October by repeating to Congress the agency's long-standing request for third-party vendor oversight to protect against cybersecurity threats. Credit union advocates say they've heard this argument plenty of times before, but there's a fear that the landscape may have finally changed enough to merit Congress granting NCUA's request. One former board member, however, subsequently rebuffed McWatters' proposal, claiming NCUA won't bring anything new to the table and will only be duplicating the efforts of other regulators. Credit union trade group representatives also pushed back during an NCUA budget briefing earlier this month.
The first line of defense
What's a credit union's best defense against fraud? According to one analyst, the battle begins at home. CUs that educate and train their staff in the fight against fraudsters are better prepared to help members in the same fight, writes Bob Michaud of Q2 Holdings. And a user-friendly, multi-layered approach to cybersecurity could be what helps keep a credit union from becoming the next victim.
Between the Cambridge Analytica scandal and a data breach that impacted tens of millions of users, the news hasn't been good for Facebook lately. But will all that bad luck trickle down and impact how credit unions use the social network? One study shows young consumers changing the way they use the site and, if not deleting it outright, at least cutting back. And with credit unions working hard to reach younger members through social media platforms, there could be big changes ahead.
Consumers don't get a say in how organizations use their data or where they store it, and with major high-profile data breaches becoming all the more common, a growing number of credit unions are moving away from “silo” authentication methods and adopting a self-sovereign identity (SSI) solution, which analysts say need to be on all credit unions' radars.
Moving to the cloud has been a boon to credit unions for countless reasons, but one observer believes CUs should look more closely at some of the threats there. While cloud-based hosting has helped improve credit union operations and disaster recovery efforts, compliance related to the cloud remains a challenge for many CUs. With new regs on the horizon, things could get even tougher.
From APIs to cloud-based hosting, internet of things malware and more, a panel of experts offered CU Journal their take on the next big cybersecurity threats and whether credit unions are prepared to face them.
Credit unions that aren't regularly checking up on their cloud-based service providers could be putting themselves in harm's way.
While the National Credit Union Administration doesn't expressly require Service Organization Control assessments from cloud-providers, one analyst says CUs would be well-served to ensure those evaluations are taking place. And there are steps that can help ease the process and make it less confusing.