Know Thy Enemy: Your Own Employees
NEW YORK - In 2010, 30% of financial services data breaches were caused internally by employees with malicious intent, according to Kroll, Inc., which is encouraging credit unions to look at fraud prevention from an internal perspective, as well.
"Know who your employees are and make sure you do background checks. Make sure you are aware of them," stated Brian Lapidus, COO of the fraud solutions division of Kroll. Lapidus added that often the focus on data theft prevention in many organizations is on outside threats.
Lapidus stressed that credit unions need to train employees on fraud prevention to deter criminal attempts by employees and outsiders. "If your employees are active in their management of a potential fraud situation - active in how they do their jobs and are aware of risks surrounding data breaches - all of a sudden you have an entire credit union employed with risk managers. Now if they start seeing strange things, they escalate the situation."
Training leads employees to follow sounder internal fraud practices themselves, to dispose of paper records correctly and to encourage others to follow the right procedures. "For example, if they see someone plug an iPod into their computer, they can tell the person that the practice is not allowed in the credit union. Sometimes organizations do not consider the breadth of ways data can be compromised. iPods store data and can bring in malware."
Lapidus encouraged CUs to pay attention to how data is shared with third-party vendors and the security of the vendor itself. "If the vendor compromises the data there is some liability the credit union would have."
2010 Data Breach Statistics
24% of data breaches were caused by hackers
16% of data breaches were caused by improper disposal of sensitive data
41% of data breaches involved physical theft of media