Ward Off Ransomware with These Seven Key Prevention Tips
Following several high-profile data breaches at the end of 2020, financial institutions everywhere are doubling down on educating their remote workforces about the risk of ransomware.
Incidences of ransomware were already up before the pandemic. Now, with “how-to” kits easily available on the dark web, more people have been drawn into this pernicious crime, and experts predict attacks will only increase. Prevention requires both tech fixes and continuous vigilance.
“Credit unions need to be looking out for ransomware techniques. These cyber-attacks have no boundaries and are truly a global issue,” says Carlos Molina, Senior Risk Consultant at CUNA Mutual Group. “Ransomware has grown in frequency and severity significantly. The average ransom payments have climbed exponentially in the last few years.”
Jan. 28 is International Data Privacy Day, a global effort to empower individuals and encourage businesses to respect privacy, safeguard data, and enable trust. It’s the perfect time for credit unions to take a closer look at their current cybersecurity strategies and ensure they’re being hypervigilant in warding off cybercrime.
Strategic Link partner, CUNA Mutual Group, recommends seven key prevention tips for credit unions to stay safe:
- Keep all systems patched and up to date, including hardware, mobile devices, operating systems, software, cloud locations and content management systems (CMS). If possible, a centralized patch management system should be used.
- Activate two-factor/multi-factor authentication (2FA/MFA) on all systems — including managed service provider software platforms, administrator systems and end-user systems wherever possible.
- Back up data regularly and verify the integrity of the backups. Ensure backups are not connected to the computers or networks that are being backed up (i.e., by securing backups in the cloud or physically storing them offline).
- Apply the principles of least privilege and network segmentation: an end user should be given only the privileges necessary to complete tasks related to their role in the institution. If an employee does not need an access right, the employee should not have that access right.
- Provide frequent social engineering and phishing training to employees so they are your first line of defense. Regularly remind employees not to open suspicious emails, not to click on links or open attachments contained in such emails, and to be cautious before visiting unknown websites.
- Vet and monitor third-party remote access to the credit union network and connections to third parties. Ensure they are diligent with cybersecurity best practices.
- Familiarize yourself with FinCEN’s advisory and list of 10 financial red flag indicators to assist in detecting, preventing, and reporting suspicious transactions associated with ransomware attacks.
“There’s no foolproof way of preventing ransomware attacks from occurring,” said Molina. “However, ransomware can often be avoided with the right IT security and risk management procedures. Proactive prevention is the most effective for credit unions.”