Scary Movies Aren’t the Only Spooky On-Screen Showings…Beware of Cyber Hackers!

October is the best time of year to watch frightening films and see spooky stories unfold. However, no matter how thrilling and realistic these movies can be, they are fictional. So, before you grab popcorn and press play, let’s first address some of the true threats that do exist and could even show up on your screen…cyber-attacks.

Let me start by saying that this post is not meant to invoke fear. In fact, that’s the tactic bad actors use, and they want you to be afraid! Instead, with October being Cybersecurity Awareness Month, I think we should all take this important reminder as an opportunity to address our responsibility as financial institutions to prepare for cyber-attacks and prevent critical information from being exploited. So, if you’d like to learn more about some of the ways your credit union can stay cyber safe, keep reading!

“Building a Cyber Strong America”

When Cybersecurity Awareness Month was implemented more than 20 years ago, the world looked a little different, but the concept of being prepared is timeless. Over the years, as technology has advanced, cybersecurity awareness has increased, but there’s always more work to be done. The Cybersecurity and Infrastructure Security Agency (CISA) has shared this year’s theme for Cybersecurity Awareness Month, which is, “Building a Cyber Strong America,” and this demonstrates “the need to strengthen the country's infrastructure against cyber threats.” So, what steps can your organization take to make this happen?

Cybersecurity Measures for Your CU

First, it's worth mentioning that while cyber threats have progressed and evolved, bad actors continue to employ exploitive tactics to try to appeal to our good nature through social engineering scams. That’s why training your teams on how to identify these scams is crucial, especially as artificial intelligence (AI) advances. Our partner, KnowBe4, provides a few reminders of the three types of social engineering schemes to look for:

• Digitally, you should be on the lookout for phishing emails or spear phishing tactics, which go after a specific person or job title.
• By phone, watch out for smishing through texts and vishing through calls.
• In person, be cognizant of attacks through USB drives or tailgaters who try to enter a secure portion of the building after an unsuspecting person.

If you’re interested in going more in depth on this topic, earlier this summer, my colleague shared a few spooky but true stories of social engineering scams in a recent blog article.

Additional Measures You Can Take

In addition to training your staff, CISA outlines more actions your credit union can take, which include improving password strength, adding multi-factor authentication and making sure your software stays up to date.

Finally, CISA also provides three additional steps you can take to level-up your cybersecurity measures:

• Monitor Your Systems. By logging activity, you can look for any signs that hackers might be trying to gain access.
• Ensure Your Data is Backed Up. If a breach were to occur, you want to have clean, secure backups in place so you can restore your information quickly and effectively.
• Use Data Encryption. This step allows an extra layer of protection, where even if your information has been compromised, it’s still closed off, so bad actors can’t get to it.

Remove the Fear Element

While scary movies are meant to keep us entertained and incite fear, cybersecurity shouldn’t be a scary topic. By taking these steps, we’re preventing the real threats from taking place.

Once you’ve implemented plans for your organization, spread the word! CISA provides plenty of tools and resources for you to share with your staff, like email signatures, press materials, social media templates and lots more! You can check out the toolkit here.

With this knowledge and preparation, I know you’ll be better prepared for spooky movie season…no matter what screen you’re using!

John Cuneo is the SVP/chief risk offier at Vizo Financial. With many years of information technology experience, he is well-versed in overseeing the Corporate's risk management needs.