Following a number of recent high profile security breaches, the National Credit Union Administration (NCUA) has reminded credit unions of the appropriate security incident prevention and detection steps needed to protect and secure member information.
The agency in a Tuesday release noted that federally-insured credit unions "should have robust enterprise risk management practices in place to maintain member data integrity and confidentiality," including "risk assessment, risk mitigation and controls, and risk measuring and monitoring."
Credit union risk assessment activities should include reviews of information security programs. The NCUA warned of the many ways that hackers and other criminals can attack credit unions through "phishing, spear-phishing, drive-by malware injection, and other malicious techniques." These types of attacks can be used to directly access sensitive information or set up viruses that will ease access to sensitive information. "The increasing sophistication of the tools and techniques attackers use often includes stealth or other means that make their detection more difficult," the NCUA added.
The NCUA said that credit unions could increase their preparedness for these types of attacks by reviewing recent releases by the National Security Agency (NSA) and the United States Computer Emergency Readiness Team's (US-CERT) Early Warning and Indicator Notice (EWIN). The advisories cover the controls needed to restrict and monitor outside access to sensitive information, systems, and control components, and cover web domains that are associated with incidences of malicious activity.
Click here for more info from NCUA.