Data Breaches Top List of Fraud Threats

Six steps to avoid devastating financial, reputation, and legal risks.

October 05, 2011
KEYWORDS breaches , data
/ PRINT / ShareShare / Text Size +

Data breaches have overtaken the theft of physical assets as the No. 1 fraud type, with most data theft occurring in the financial services industry, according to Ken Otsuka, senior risk consultant for CUNA Mutual Group.

To avoid crippling financial damage and loss of member trust, credit unions must implement measures to prevent data breaches and have a solid mitigation plan if one occurs.

Otsuka, addressing CUNA Mutual’s Online Discovery Conference Tuesday, cited the 2010 Annual Global Fraud Report by the risk management consulting firm, Kroll.

The study indicated the information-rich financial services industry led the way in data theft incidents at 42% in 2010, up from 24% in 2009.

“Data breaches have quickly become a top concern,” Otsuka said. “They are increasing in frequency and severity in terms of number of records breached and recovery costs.”

Breaches can involve electronic data or paper and occur in many ways, including:

  • Lost or stolen disks, laptops, and other data-bearing devices;
  • Dishonest employees;
  • System intrusions by hackers;
  • Negligent disposal of data; and
  • Breaches at third-party vendors housing confidential personal member data.

A data breach can be devastating for a credit union, Otsuka said. A 2010 Ponemon Institute study stated the average cost to repair a compromised record was $214. For financial institutions, that cost was $353.

Data breaches cost more than money. “A breach could shake members’ confidence in the credit union’s ability to protect their personal information, which could have a devastating effect on the credit union’s reputation,” Otsuka said.

Compliance and legal risks also loom. “The Gramm-Leach-Bliley Act requires credit unions to protect and secure members’ personal information,” he said. “Penalties for noncompliance, whether at the state or federal level, can be severe. In addition, numerous well-publicized lawsuits have been brought by consumers against organizations that experienced data breaches.”

Otsuka urged attendees to implement proper technology, policies, and procedures to protect confidential member data. He offered these tips:

  • Protect confidential member data residing anywhere on the network, including workstation hard drives and servers. Encrypt data residing on networks, all mobile devices, and in data transmissions over the Internet and e-mail.
  • Install a data loss prevention solution to identify where confidential member data is located on the network and determine if employees are inappropriately transmitting data via e-mail or downloading data to external devices.
  • Lock down USB ports and CD ROM/DVD drives on certain workstation computers, based on employee job duties, to prevent downloading of confidential member data.
  • Implement an identity and access management solution that allows only authorized users to access the network and secures remote access for employees and vendors.
  • Have an endpoint security solution to protect all entry points to the network, including firewalls, and software for viruses, malware, and intrusion detection.
  • Protect corporate mobile devices by ensuring confidential member data is stored in encrypted format, devices are password protected, and data can be wiped clean if the device is lost or stolen.

Otsuka advised having an insurance backstop, such as of CUNA Mutual Group’s Cyber & Security Incident Package, which provides coverage for credit unions in the event of a data breach.

Post a comment to this story


What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory (www.appreciationatwork.com/assess) will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive