Keep Member Data Safe

Employee error often puts sensitive data at risk and into the wrong hands.

December 23, 2013
/ PRINT / ShareShare / Text Size +

Splashy cybercrimes that feature devious hackers breaking through a giant bank’s firewalls generally make front page news.

But that’s far from the whole story about how consumers’ confidential data gets into the wrong hands. Research shows employee error puts sensitive data at risk far more often.

Verizon data security experts analyzed more than 47,000 data “security incidents” in 2012. In these incidents, the exposure of this sensitive data didn’t necessarily involve crime or result in monetary losses.

subscribefrontline“Error” ranks as the largest threat category, making up 48% of all incidents, according to Verizon’s 2013 Data Breach Investigations Report. Errors included lost devices, errantly addressed emails and faxes, and publishing mistakes.

Threats caused by malware and “misuse”—which covers employees’ violations of data-use policies—tied for second, at 20%.

All credit unions implement various network security measures to protect data against high-tech attacks. But employees also can protect members’ sensitive data with these four measures:

1. Double-check the destination of emails or fax numbers before hitting “send.” Anytime you’re corresponding with a member or third-party vendor that involves sensitive data, first check your credit union’s information security policies to determine if they permit transmitting members’ confidential data in
these ways. If so, best practices recommend you send only encrypted data.

2. Avoid saving data to movable memory devices—and keep your laptop secure if you take it off-site.

Laptops are a major target for thieves. Whenever possible, don’t take a laptop containing members’ confidential data out of the office. If you must, don’t leave the laptop in plain sight in your car, unattended in a coffee shop or library, or in other situations that invite theft.

Member data saved to thumb drives, CDs, or other portable media presents a huge risk. That’s why some credit unions lock down the USB ports and CD/DVD drives on their workstations.

If you have the ability to save member data to external memory devices, don’t lose track of them. Delete the data or destroy the disk as soon as you’ve transferred
the data to its destination.

3. Properly destroy data devices. Just as you’d shred paper documents containing members’ personal information, dispose of data storage devices such as old tape drives, disks, and computer hard drives by rendering them unreadable.

4. Beware of targeted phishing attacks. As a financial services employee, you’re at greater risk than the general public for phishing schemes.

One common phishing attack tricks you into opening an infected email attachment or clicking on a link to an infected website. This automatically installs malicious software (malware) on your work computer, possibly creating a back door into your credit union’s network.

Criminals search social networks such as LinkedIn to discover employers, job titles, and email addresses, and generally send phishing emails to a specific group of employees at a credit union—a tactic called “spear phishing.”

Be careful about any email that contains a link or file, even if the email appears to be from a professional organization or social network to which you belong. Your credit union might have an acceptable use policy prohibiting employees from using credit union-owned computers for personal purposes, including surfing the Internet and/or checking personal email.

These four measures cover only some of the employee-related data security exposures. Your security policies undoubtedly cover current scenarios. Your best protection is understanding your policies, being aware of how you interact with members’ data, and guarding against errors and targeted scams.

JAY ISAACSON is credit union protection product management director for CUNA Mutual Group.

This article first appeared in Credit Union Front Line Newsletter, the monthly sales and service newsletter for branch staff and their managers.

Post a comment to this story


What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory (www.appreciationatwork.com/assess) will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive