The following post was provided by Credit Union Executives Society (CUES), a World Council associate member, and written by Brian Bodell, VP/product management for CUESolutions Platinum provider AdvantEdge Analytics, Madison, Wisconsin.
As more credit unions serve members from new locations, safeguarding privacy is paramount.
Even as branch locations close and all but a few credit union employees migrate to a home office or other remote workplace, the industry continues to help people through one of the most chaotic times in recent history. Thanks to high-speed internet, virtual private networks, remote desktop platforms, video conferencing and a plethora of connected systems, the movement remains open for business.
But, for every bright spot technology offers, there’s an equal number of potential pitfalls, specifically when it comes to data security and privacy. Credit unions are responsible for personally identifiable information, and cybercriminals use increasingly innovative and sophisticated ways to gain access to that data.
I am sure your credit union’s IT and cybersecurity teams have protected your systems and provided regular training for all employees. However, these teams have limited reach when it comes to your personal space. I have worked a few days at home each week over the last 10 years (vs. commuting into our New York City office) and will be completing my master’s degree in cybersecurity shortly. So, I have a few thoughts on protecting sensitive data and maintaining privacy.
1. Maintain a designated workspace and only use company-issued hardware.
If possible, find a quiet and secure space in your home. Only use a company-issued computer for work activities and don’t share it with family or friends. Do not connect any non-company-issued devices (e.g., USB flash drive or external drives). Only back up digital files on company platforms, and do not forward any files to your personal email accounts. Ideally, your IT team has configured your computer for automatic updates, strong passwords, biometrics, and a one-time password solution to access company networks. In the physical realm, keep any sensitive paper files in a locked file cabinet and shred any sensitive hard copies.
2. Double-check the security of your WiFi connection.
Home networks should be secure, fast and, ideally, segmented. An example would be using a home network, a guest network and an IoT network for smart home devices. Router passwords must be strong (never use the default), and the highest level of encryption should be selected (WPA3).
3. Count to five before sharing your screen.
Most of the video conferencing tools in the market today allow for screen sharing. Typically, you only want to share a specific application or document rather than your whole screen. Either way, before you click ‘Share’, be sure you have closed out all apps containing sensitive data. Your credit union has most likely selected a video conferencing platform and provided proper training. Some video conferencing solutions have proven to be less secure and private than others.
4. Remember to monitor your own privacy.
It can be easy to forget what’s behind you when on a video conference with a colleague, partner or member. Make sure there is no sensitive information, unprofessional imagery or visibility into areas of your home where family members may enter. Many video conferencing tools allow you to blur a background or, even better, use a virtual background.
5. Keep up your guard against cyber threats.
Phishing and “water holing” are always issues, but they are especially prevalent during times of chaos or uncertainty. I am sure most, if not all, credit union employees have attended cybersecurity training and have frequent reviews and tests to maintain sharp awareness. However, cybercriminals use fast-evolving and increasingly sophisticated targeted phishing emails (often based on social media profiles) that may be spoofed to look like they came from a colleague or partner. Pay close attention to email, and do not click on or open anything you aren’t expecting. If the email appears to be coming from a colleague, first double-check the email address to be sure it was not spoofed (e.g., Brian.Boddell@cunamutual.com – did you spot the extra D?). Second, give the colleague a call to get voice-to-voice confirmation of the email’s legitimacy. Be very careful with opening attachments and clicking on links (both on computers and on mobile devices). This always applies but is perhaps even more important with all of the COVID-19 coverage.
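The address check described above can be automated on the mail-filtering side. The following sketch is an added example, not part of the original post: it compares a From header against a directory of trusted senders and flags near-miss addresses such as the extra-D case, as well as a colleague's display name paired with an unfamiliar address. The directory entries and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed directory of trusted senders (assumption): display name -> address.
DIRECTORY = {
    "brian bodell": "brian.bodell@cunamutual.com",
    "dana reyes": "dana.reyes@cunamutual.com",  # constructed sample colleague
}

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "bodell" typed as "boedll".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_sender(from_header, directory=DIRECTORY, max_dist=2):
    """Return (verdict, matched_legitimate_address_or_None) for a From header."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    name = " ".join(name.lower().split())
    known = set(directory.values())
    if addr in known:
        # The string matches; headers can still be forged, so the phone
        # call recommended in the text remains the real confirmation.
        return ("known", addr)
    for legit in sorted(known):
        if 0 < osa_distance(addr, legit) <= max_dist:
            return ("lookalike", legit)
    if name in directory:
        # Colleague's name shown, but the address is not theirs.
        return ("display-name-mismatch", directory[name])
    return ("unknown", None)

if __name__ == "__main__":
    print(check_sender("Brian Bodell <Brian.Boddell@cunamutual.com>"))
```
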
It’s hard to imagine servicing members and collaborating with teammates during a mass quarantine without the technology we have available today. While we’re grateful for the possibilities the home office opens for us, there are pitfalls we must work hard to avoid. Taking a few extra steps to preserve the integrity of PII and privacy is one of many ways you can demonstrate you have your members’ backs during these unprecedented times.
Below are a few sites with both cybersecurity information and training resources (including working from home during COVID-19):
- SANS Security Awareness Work-from-Home Deployment Kit
- Cybersecurity & Infrastructure Security Agency
- Financial Services Information Sharing and Analysis Center
- Stickley on Security