NCUA raises cybersecurity concerns as credit union staff go remote
The National Credit Union Administration has issued cybersecurity guidance for credit unions as employees work remotely amid the coronavirus pandemic.
Malware attacks, advanced persistent threats and phishing scams were highlighted by the credit union regulator as some of the more common cybersecurity risks remote workers face.
“Employees working remotely have a responsibility to address cybersecurity risks for their home networks, personal computing devices and other internet-connected devices,” NCUA Chairman Rodney Hood wrote in a letter to credit unions.
Remote workers have been an easy target for security breaches in the past, so ensuring device security should be a top priority. NCUA reminded credit union employees that family members should not use work-designated devices. Implementing automatic timeout sessions and encrypting sensitive information was recommended as well.
As more credit union employees work from home, they need to be reminded of the vulnerabilities of the networks that they use. Web attacks doubled in 2019, according to the 2020 SonicWall Cyber Threat Report.
To mitigate these risks, credit unions should update their software regularly and keep track of their antivirus software. Additional recommendations focused on taking advantage of firewall capabilities provided by internet service providers and using a strong, unique password.
Credit unions should have sound policy in place to ensure immediate action in the wake of a security breach, according to the NCUA notice. If a credit union employee is a victim of a security attack — or even suspects one — they should immediately disconnect devices from the internet, but keep the device on to preserve forensic evidence and report the activity to their employer.
Policies should outline the credit union's response to a security incident, the regulatory notice said. That typically includes filing a report with local law enforcement or other agencies, such as the Federal Bureau of Investigation's Crime Complaint Center.
“Credit union management should communicate proactively with employees to verify that remote work is being done securely, and provide guidance and assistance as needed,” Hood wrote.