Tech Time: How to Protect Your Credit Union From Cyberattacks

According to a new report by cloud and cybersecurity company Barracuda Networks, hackers are no longer targeting big businesses as they were a few years ago; instead, they’re shifting their focus and zoning in on small businesses. That means smaller credit unions are no longer flying under the radar.

On average, small businesses with fewer than 100 employees are more likely to experience social engineering attacks than an employee of a much larger company, the report says. How much more? Approximately 350%.

Generally, hackers earmark high-value accounts like those of CEOs, CFOs and chief technology officers. However, executive assistants and administrators are occasional targets because of their access to specific executive accounts.

Passwords and other forms of credentials are often the most sought-after pieces of information for hackers. For years, data breaches and other third-party breaches have occurred because of stolen credentials, and this trend is showing no signs of slowing down.

These figures highlight the importance of better cybersecurity for businesses, and that includes improving password practices at your organization.

However, before you and your employees can improve cybersecurity practices, you’ll first need to understand the sort of threats you're up against. Here, we’ll list some of the common cybersecurity attacks businesses and employees face and what they can do to protect themselves.

1. Password Hacking

Passwords and other stolen credentials are extremely valuable to hackers because they’re easy to sell and can make a pretty penny on the black market.

Since many people tend to reuse their passwords across multiple accounts, hackers could access a plethora of information quickly and gain access to accounts they otherwise wouldn’t have been able to by obtaining credentials from a single system.

To prevent this, employees should avoid reusing passwords across multiple accounts and adopt a password manager to keep their passwords secure if they struggle to remember them. Most password managers also come with a generation feature that lets you create stronger passwords in one click.

2. Phishing Scams

Phishing scams generally employ social engineering methods to obtain information or distribute malware and other malicious software. A popular phishing technique includes spoofing emails or social media messages. Essentially, a hacker will pretend to be an official or legitimate figure, like a travel agency or relative seeking help, and send the victims a message requesting that they respond with personal information, such as credentials or info that could help crack security questions. Alternatively, a hacker might send the victim an innocent-looking link that goes on to download malware or other dangerous software when visited.

The best thing employees can do is report all suspicious emails or messages from unknown senders. That can also include informing the IT department if you have one at your credit union.

3. Ransomware

As its name suggests, ransomware involves hackers accessing and holding information and data hostage on a device or connected system until they’re paid to release it. To do this, hackers usually gain unauthorized access to a device through a compromised password. They might lock a device or remove the information entirely before requesting that their victims pay a ransom if they want the data back.

There were many ransomware cases in 2021 that impacted the healthcare industry, where hackers attempted to sell stolen data about patients—including names, health history and insurance data—back to the hospital they stole it from. But the problem didn’t start then. In 2016, a hacker named “TheDarkOverlord” was selling hospital healthcare data on the dark web for around $96,000 or 151 bitcoins.

It’s widely debated whether the targets should pay ransomware to unlock their data. Regardless, organizations should always keep backups of key systems and data on a cloud server that updates automatically. This way, your credit union will have a copy of your data even if it falls into the wrong hands.

4. Malware

Malware is a catch-all term for any malicious software used to extort money or extract meaningful information without the permission or knowledge of the affected device’s user. Sometimes, malware can also become ransomware when a hacker infects a device and requests payment from the victim in order to remove the malicious software from their device.

5. Insider Attacks and Data Breaches

While it’s not necessarily common, insider attacks—from bad actors within a targeted organization—can also affect a business and its employees. An insider threat occurs when an employee or a contractor working for the company leaks information that could harm the business or their colleagues.

For example, the perpetrator could reveal consumer or financial information that could paint the organization or their colleagues in a bad light. Insider attacks can result in massive financial loss for a credit union, loss of reputation and legal proceedings.

Insider attacks can be challenging to detect and prevent, since they’re committed by employees with legitimate credentials and malicious intent. Still, employers in high-target industries can modify hiring process to include background checks and ensure that they have the best cybersecurity measures in place to prevent insider threats from occurring.

Cybersecurity threats can be daunting for organizations of all sizes and their employees. However, it’s not impossible to prevent them. Consider implementing basic cybersecurity training that covers topics like creating strong passwords, managing sensitive information and following protocols when it comes to handling suspicious emails or messages.

Jane Chan is a content strategist at TechWarn, a digital safety advocate for cybersecurity companies. She is passionate about promoting the importance of cybersecurity and digital privacy and is dedicated to empowering her readers to take control of their digital lives.