Advancements in technology excite us because they make our lives easier and more convenient. But, as technology advances and evolves, it gives criminals increasing opportunities to access sensitive information, engage in identity theft, and it poses financial and other risks. Data from Akamai shows that in 2022 attacks against financial services firms grew by 257 percent compared with the previous year, while IBM reports that the typical data breach cost for financial services organizations stood at $5.97 million.
Community banks and credit unions need to take special care to ensure that they can protect the security and privacy of their customer data.
Bank boards need to act now to bolster their security policies and practices and continue monitoring their security protocols as the sophistication of cybercrime continues to increase.
Types of Cyberattacks and Motives of Cybercriminals
According to Verizon’s 2022 Data Breach Investigation Report, ransomware has continued its upward trend with an almost 13% increase (for a total of 25% of breaches)—a rise as big as the past five years combined.
Something that makes addressing cyberattacks challenging is that they can take many forms. Some criminals are intent on stealing funds directly from a bank or one of its account holders. Criminals that pursue data breaches are looking for information about account holders that they can use to commit fraud. Ransomware attacks are increasingly popular. In this type of attack, the criminals encrypt data that effectively locks up a bank’s computer system until the bank agrees to pay a ransom to the hackers in the form of cryptocurrency.
Cybersecurity in the Financial Services Industry
As the problems of infiltrating sensitive company data continue to rise, community banks need to work diligently with their IT departments and create company-wide awareness of the risks of cyberattacks.
As a company firmly committed to modern governance, we understand the substantial disruption that the challenges of a major crisis can present for governing bodies. To help governance leaders navigate through the uncharted waters and prepare for future crises, we’ve put together a Crisis Management Toolkit with core considerations and guidelines, tips and best practices to implement immediately. Download your copy now!
Best Practices for Cybersecurity to Implement
The ABA Banking Journal offers five best practices for cybersecurity to implement along with secure technology for community banks and other financial institutions.
1. Make data security a company-wide focus
Along with every other type of industry, community banks are relying on cloud-based and remote employee access programs. These programs create new opportunities for cybercrime. The IBM Cyber Security Intelligence Index shows that phishing is the top way attackers gain access, identified in 41% of incidents. More than half of phishing attacks used spear phishing attachments. There was also a 100% increase in thread hijacking attempts per month—where an attacker impersonates someone and manipulates existing email conversations for nefarious purposes.
It’s fair to say that cybercriminals are looking for the low-hanging fruit which equates to finding the weakest point in a bank’s security, which is very often their own unwitting employees. The lack of attention to proper education and communication about the bank’s corporate data privacy policies can create situations where employees unintentionally click on a malware link or respond to a phishing email, thereby opening up the entire bank’s system to cyber risk.
In addition to building electronic firewalls to protect data, community banks must build human firewalls by training and educating their employees.
2. Assess the security protocols of the parties in your data chain
By failing to bolster cybersecurity issues, community banking institutions risk exposing their account holders’ bank account information, personal information, and details of their debit cards. The risk highlights the importance of addressing the security of your partners, vendors, and your vendors’ vendors. Your bank should be assessing the security of any party that has access to confidential information past your firewall.
The industry best practice for reducing third-party security risks is to request and review each third-party’s SOC Type 2 Report, which will list their credentials for providing financial services. The SOC Type 2 Report shows that the vendor’s internal controls meet security best practices.
3. Review your file-transfer protocols for proper security
Your accountholders surely appreciate the convenience of a debit card over cash. Debit cards are also useful for auto-pay, paying monthly bills, and making standard purchases. The massive use of debit cards can be catastrophic if account information gets into the wrong hands. A leading cause of cybercrime often occurs due to careless file transfers.
According to the Verizon report, the best defense against file-transfer problems is multi-factor authentication. The report reveals that 82% of breaches involved the human element. Whether it is the use of stolen credentials, phishing, misuse or simply an error, people continue to play a very large role in incidents and breaches alike.
Having to reissue debit cards on a large scale to further protect security poses a huge financial burden to the bank.
4. Institute company-wide rules and responsibilities for handling client data
While there are plenty of cybercriminals in hiding waiting for opportunities for banks to slip up and create security vulnerabilities, the reality is that most data breaches are unintentional and are caused by human error. Even when employees are diligent about following the company’s rules for handling client data, it takes only a simple mistake of unintentionally sharing a customer’s data with a vendor who takes it into his or her own hands and uses it for criminal purposes.
Training and education can help to prevent such situations, but community banks can bolster that protocol by limiting employee access to sensitive data in the first place. Put safeguards in place so that employees cannot download, email or save sensitive customer data on an external device.
5. Prioritize firmware updates and system patching over new releases
It’s essential in the community banking industry to maintain the company’s infrastructure by giving first priority to firmware updates and system patching and keeping these activities on a disciplined schedule. Community banks should be proactive about applying system patches. Be mindful that systems change and evolve quickly, causing the risk of increasing vulnerabilities which need prompt, immediate attention. It’s essential for community banks to provide adequate resources to ensure that their tech teams are able to properly maintain the company’s system and keep vulnerabilities at bay.
It can be tempting to shift time and attention to the newest technological innovations, but to do so may lead to financial and reputational loss.
Community banking is as vulnerable to cybercrime as any other financial institution. It’s important for community banks to be aware of the various kinds of cybercrime they may be subject to and to use best practices for cybersecurity continually to protect their account holders.
As these security threats for community banks and credit unions grow increasingly complex and harder to mitigate, there’s never been a better time to consider the benefits of using a board management system.