It’s a tough time to be a credit union. Massive retail data breaches have exposed millions of customers to fraud. While retail outlets are paid regardless of the outcome, credit unions and banks are often left holding the bag, costing them millions in unrecoverable losses every month.
National Association of Federal Credit Unions (NAFCU) President and CEO Dan Berger summarized recent events:
“It has been almost six months since Target’s data breach, and we still have no new data security standards for retailers. Since Target, there has been a major data breach discovered almost every month. The continued lack of national data security standards is an open invitation to cybercriminals.”
But how are retailers operating with poor security? Here’s a simple breakdown of why it’s happening:
Lack of clearly-communicated policies
Many companies do not educate employees on data security. While technology policies are commonplace during orientation, few companies take time to discuss issues of confidentiality as part of the process. Internet security and the risks of unauthorized solutions should be mandatory topics, which would then create awareness of how seemingly benign actions can affect retail partners like credit unions.
Proliferation of mobile devices and Bring Your Own Device (BYOD) policies
BYOD policies are proliferating as companies seek to trim budgets and encourage productivity, but by using personal smartphones for business, employees unwittingly put sensitive data at risk. Automated backup to cloud-based apps and the potential to misplace an unlocked device are obvious ways BYOD policies can result in a data breach.
Complex collaboration systems
VPNs, portals, and similar tools can contribute to employees using rogue solutions, since employees simply don’t want to use anything that seems like a complex system. This may lead them to upload sensitive data to the cloud or a flash drive for faster collaboration with coworkers and stakeholders. But with exaggerated claims of security, employees may feel safe using outside means to accomplish their jobs, leaving credit unions on the hook when something goes wrong.
No policy workflow automation
The best way to ensure compliance is by implementing a secure, simple-to-manage solution that forces compliance by managing who can access data and to what degree it can be manipulated. While it may seem like an easy win, most corporations have no policy workflow automation system in place.
Without a clear path forward or aggressive regulation, many retailers will continue to fall victim to data breaches. Encouraging implementation of a secure file collaboration solution is a necessary first step, and for credit unions, it can’t happen soon enough.