An Underestimated Issue: Disability Insurance Awareness Month

Approximately every 7 seconds, a working-age American suffers a disabling injury or illness that will last for at least one month.1 If this happened to your members, would they be able to make their loan payments or pay their bills?

May is Disability Insurance Awareness Month. It is a great opportunity to share the importance of protecting what matters against the unexpected with your members.

Consider the Facts

“According to industry studies, more than 20% of workers under 40 say they are more likely to win the big lottery jackpot than become unable to work due to illness or injury2,” says Ryan Frantzen, National Sales Director of Securian’s Financial Institution Group.

“There is a major disconnect between what people think may happen and what actually may happen. We feel it’s important to help financial institutions inform their customers and help them plan to be smart, not lucky.”

Take Action

You can take action and help reduce your members’ financial burden in the event of an unexpected disability with mortgage disability programs designed to provide for payment of monthly mortgage loan payments.

Talk to your members to see if they would be prepared or able to pay their bills or mortgage without a paycheck. Securian’s programs may help them cover these payments for a certain time frame and protect what matters.

While we highlight the importance of disability insurance awareness during the month of May, it’s imperative to share this information with your members throughout the entire year.

For more information, please contact Ryan Frantzen at 651.665.1497 or ryan.frantzen@securian.com.

 


Securian is the NAFCU Services Preferred Partner for credit insurance and debt protection solutions for credit unions. For additional information and educational resources from Securian, visit www.nafcu.org/securian.

 

_______________________________________________________________

1 DisabilityCounter.org, America’s Disability Counter, (data is updated periodically)

2 Council for Disability Awareness, 2014 Disability Awareness, 2014 (page 3)

Cybersecurity Vs. Information Security: Is There a Difference?

By: Melissa Stevens, Senior Digital Marketing Manager, BitSight

Is there a difference between cybersecurity and information security?

Not only is this a great question, but it’s something we’ve heard many times before. Cybersecurity and information security are so closely linked that they’re often thought of as synonymous. But there are some important distinctions between the two. Below, we’ll explain those distinctions, review a couple of important areas of overlap, and discuss why this differentiation—and the evolution of these definitions—matters in the security sector.

Information Security

Information security (or “InfoSec”) is another way of saying “data security.” So if you are an information security specialist, your concern is for the confidentiality, integrity, and availability of your data. (This is often referred to as the “CIA.”) Most modern business data resides electronically on servers, desktops, laptops, or somewhere on the internet—but a decade ago, before all confidential information migrated online, it was sitting in a filing cabinet. And some confidential information still is! InfoSec is concerned with making sure data in any form is kept secure and is a bit broader than cybersecurity. So, someone could likely be an information security expert without being a cybersecurity expert.

Cybersecurity

Cybersecurity is all about protecting data that is found in electronic form. Part of that is identifying what the critical data is, where it resides, and the technology you have to implement in order to protect it.

Overlap Between Information Security & Cybersecurity

There is a physical security component to both cybersecurity and information security.

If you have a warehouse full of confidential paper documents, you clearly need some physical security in place to prevent anyone from rummaging through the information. And as more data becomes digital, the process to protect that data requires more advanced IT security tools. So, while you can’t put a physical padlock on a desktop computer, you can put a padlock on your server room door. In other words, if your data is stored physically or digitally, you need to be sure you have all the right physical access controls in place to prevent unauthorized individuals from gaining access.

They both take the value of the data into consideration.

If you’re in information security, your main concern is protecting your company’s data from unauthorized access of any sort—and if you’re in cybersecurity, your main concern is protecting your company’s data from unauthorized electronic access. But in both scenarios, the value of the data is of utmost importance. Both individuals need to know what data is most critical to the organization so they can focus on placing the right controls on that data. In some scenarios, an information security professional would help a cybersecurity professional prioritize data protection—and then the cybersecurity professional would determine the best course of action for the data protection. But with the changing security landscape over the past decade, things aren’t always this black and white.

The Evolution Of Information Security & Cybersecurity

Over the last decade, we’ve seen a fusion between cybersecurity and information security, as these previously siloed positions have come together. The challenge is, most teams don’t have an information security professional on staff—so the responsibilities of a cybersecurity professional have expanded dramatically. Cybersecurity professionals traditionally understand the technology, firewalls, and intrusion protection systems needed, but weren’t necessarily brought up in the data evaluation business.

But today, that is changing. As this subject becomes increasingly important for businesses, the role of cybersecurity experts is evolving so they can properly protect data. Business partners and investors are increasingly aware of the importance of this topic, and companies are asked regularly about their effectiveness in securing data and managing risk in both cyber and physical forms.

In Summary

Because of the evolution of this position, it’s easy to understand why many people discuss cybersecurity and information security in the same breath. And, you can see how the questions that information security and cybersecurity try to answer are, in essence, the same:

  1. How do we define what data is critical to us?
  2. How do we protect that data?

Where do you see the industry moving in the next 10 years? Tweet @BitSight with your thoughts.

BitSight is the NAFCU Services Preferred Partner for Cybersecurity Rating. Learn more at www.nafcu.org/bitsight.

5 Pillars of Cybersecurity in Financial Services

By: Melissa Stevens, Senior Digital Marketing Manager, BitSight

Financial services are one of the best-performing sectors in terms of cybersecurity. BitSight analyzed the data to pinpoint a handful of basic facts, ideas, and principles that make the financial sector so successful at cybersecurity, and outlined those “pillars” below.

Pillar #1: You Have To Meet The Expectations Of Regulations (And Beyond).

Financial services is a regulated sector—and regardless of your feelings on regulation, it does get some interesting results. When you know that someone is holding you accountable and that this party has the authority to fine or potentially shut you down, you know you have to take action. Thus, financial service organizations typically have implemented proper protections and risk management solutions, invested in the right technologies, and hired the best talent.

And while regulations are mostly about compliance, it’s pretty well understood that compliance does not equal security. To properly manage risk (and go above and beyond your fiduciary duty), you need to identify the greatest threats to your organization and focus your time and attention there.

Pillar #2: You Must Have Vigilance In Your Cybersecurity Execution.

Any company could do the bare minimum when regulators come knocking and let things slide when they leave—but that would be a big mistake. Therefore, you need to continue to be vigilant every day, not only when you’re being monitored.

Executing consistently takes both training and resources. Part of the reason financial service organizations excel at cybersecurity is because of the amount of high-level executive buy-in. The top people in the organization typically demand and expect a strong cybersecurity posture and provide the resources needed to support world-class information security risk management programs.

Pillar #3: You Must Excel At Detection And Recovery.

High-performing financial service organizations recognize that you’re never going to stop every cyberattack. There are too many gaps and too many ways that someone can access and exploit a system. So while you need to excel at protecting your high-value assets and data, you also must excel at detecting security issues and recovering any data loss quickly and efficiently.

Pillar #4: You Need To Manage Risk In The Third-Party Ecosystem.

Many breaches that happen to financial service organizations originate on vendor networks. Financial organizations are keenly aware of risks in the supply chain and the need to properly manage those risks. This is a challenge of scale—how should an organization focus on areas that are of medium criticality and high criticality? This requires an investment of both time and resources; but when you consider the consequences to your data (or your members’ data) if a third- or fourth-party system goes down, it seems the investment is certainly worth it.

Pillar #5: You Should Consider Information Sharing.

Another thing the financial services industry does well is sharing information. The Financial Services Information and Sharing Center (FS-ISAC) is a mature industry forum created specifically for the financial services industry to share information regarding cybersecurity in their sector. In it, you’ll find a tremendous amount of collaboration around threat actors and the capabilities of those actors. Members feel that acting in collaboration is better than acting in isolation—which makes membership in the FS-ISAC extremely advantageous.

A Final Note On Cybersecurity In Financial Services:

Cybersecurity has been of great importance in the financial sector because of the amount of regulation in the industry. Even if you aren’t subject to regulations, one of your vendors likely is, and their organization could be breached, compromising your data.

But regulation isn’t the only reason that this is critical. It’s also critical because you’re in the business of trust. If your members lose faith in your ability to protect your information or provide a service reliably, your reputation and business may suffer as a result.

BitSight is the NAFCU Services Preferred Partner for Cybersecurity Rating. Learn more at www.nafcu.org/bitsight.

Card Fraud Lessons Exposed

By: Ann Davidson, VP of Risk Consulting at Allied Solutions

Recently Allied Solutions presented a webinar on card fraud in response to the reported increase in card fraud attacks. When polled, 81% of attendees stated they have personally experienced an uptick in card fraud during the last 12 months.

After this webinar, Allied reached out to individual financial institutions to perform an assessment of their risk programs and help uncover potential causes of the card fraud they were experiencing. Here’s what they found:

  1. Financial institutions were seeing increased instances of PIN fraud at the ATM.

Discoveries:

    • A fraud monitoring system (FMS) was not in place for PIN authorizations performed at an ATM.
    • All employees were granted the authority to change ATM PINs when requested by a caller.

Preventive Actions:

    • Confirm in writing from your PIN vendor that you have an FMS in place for all types of authorizations.
    • Ensure PIN change requests are performed using robust authentication measures, especially if you have a voice response unit (VRU); do not give your employees the authority to manually process PIN changes.
    • Review your PIN change reports to see if there is a notable increase in PIN changes.
  2. Financial institutions were seeing high daily dollar amounts on card transactions.

Discoveries:

    • Credit card limits were set at the line of credit for a 24-hour timeframe.
    • Debit signature limits were set to the available balance in the cardholder’s account.
    • Debit PIN limits for POS and ATM were set at $1500 and greater.

Preventive Actions:

    • Confirm you have daily dollar limits for ALL types of transactions.
    • Set your daily dollar limits to suit your organization’s risk appetite and tolerance.
    • Ensure daily dollar limits are set to accommodate the spending activity of your account holders.
    • Let your cardholders know they should inform your organization if they want the daily dollar limit raised to better accommodate their transactions.

The discoveries that were made after communicating with these financial institutions demonstrate the importance of ensuring you have strong security measures in place to help prevent fraud attacks, while at the same time verifying the strength of your card processors’ and vendors’ security layers.

Watch the recording of Allied’s Card Fraud on the Rise: How Financial Institutions Can Help Prevent It webinar, co-presented by Ann Davidson and Tammy Behnke, Program Executive at ProSight Specialty Insurance, to hear more about how you can remain more protected from card fraud.

Hear more about security breaches and learn what your financial institution can do to help prevent and respond to breaches by attending Allied’s upcoming webinar Data Breaches Continue to Rise: How Financial Institutions Can Prepare & Respond on May 4. Click here to register.

Allied Solutions is the NAFCU Preferred Partner for Insurance—Bond, Creditor Placed (CPI), Guaranteed Asset Protection (GAP), and Mechanical Breakdown Protection (MBP); and rateGenius. Learn more at www.nafcu.org/allied.

3 Questions for Your Mobile Banking Partner (Part 2)

By: Will Furrer, Senior Vice President – Product Group, Q2  

We pick up this blog series, addressing the last two questions your credit union should be asking a digital strategy company when developing a mobile banking plan.

Check out Part 1 of the blog series here to learn about the importance of providing a consistent experience on mobile.

Question 2: How does security work for the mobile channel?

Mobile security is becoming more and more critical every day, due in large part to the fact that today’s mobile devices are essentially hand-held computers. As such, the risk of device compromise is something every member, and you as a credit union, should be keenly sensitive to.

Because of this, the security of your mobile banking solution can’t simply be the ‘latest and greatest’ protection available; it must be ahead of the times – using advanced techniques only behavioral modeling and machine learning can support.

Interconnectivity & Behavioral

Mobile banking is not the only type of digital banking your members will do; therefore, it is critical that your mobile security be part of a holistic view of each member’s behavior within your entire digital banking ecosystem.

This means having a comprehensive picture of members’ behaviors across all your virtual channels, one that answers questions such as: What operating system are they using for their banking? What time of day do they usually do their banking? What do their typical movements through the application look like?

The power of interconnected solutions – or better yet – of a single platform solution, is very much aligned with credit unions seeking to be the most trusted, secure brand their members engage with.


Question 3: Does your mobile banking application provide support for commercial banking members?

As the majority of forward-leaning credit unions seek to meet their members where they are, the need for small business features and functions available via the mobile channel is becoming increasingly important. Small businesses—a.k.a. SoHos—are making their way into the households of millions of Americans every year, who prefer to bank with a credit union due to the service, support, rates, and connection to the community where they live and work. However, neglecting their mobile business banking needs will in fact put the business of these profitable households in jeopardy over the coming years.

Feature / Function

Small and medium businesses (SMBs) require access to ACH for payments and payroll. Sometimes it’s only a few people, but more and more frequently SMB owners are using their personal accounts; meaning they are moving larger and larger amounts of money to more and more employees or contractors.

The great news is: your credit union can work with the SMB’s relationships to provide accounts for these potential members. It’s a win/win.  A win for the owner of the SMB—who is now able to manage their payroll via their mobile device, as well as approve wires and draft payments, which is what they expect from a progressive credit union like yours. And a win for your credit union in the form of new members.

Conclusion

Above all else, offering a business banking solution via mobile devices will provide your members the same freedom they have come to appreciate with your retail banking products—expanded to where they make their living, not just where they check their balances. Mobile commercial banking access is a clear separator for innovative credit unions, one that will benefit you and your members.

 

Q2 is the NAFCU Preferred Partner for Single Platform Virtual Banking Solutions—Including Online and Mobile—for Community and Regional Financial Institutions. Learn more about Q2 by visiting www.nafcu.org/q2.