Every day, I see another headline about security breaches. And whether it’s personally identifiable information, university records, or taxpayer IRS filings, these hacks aren’t just disturbing; they’re dangerous. And I’m tired of it.
For companies,the danger is lost customers, damaged reputations and wrecked bottom lines. A new report by the Ponemon Institute, sponsored by IBM, (Cost of Data Breach Study: Global Analysis)foundthe price tag for a data breach now averages $3.8 million.
But what about danger to consumers? The Anthem breach exposed 100 million consumers’ PII – more perilous than credit card thefts, which can be canceled. And we still don’t know the toll on 4 million federal employees whose identities were jeopardized, thanks to unencrypted stolen social security numbers.
Know The Scoop On FI Security
Cybercrime pays, especially when companies don’t require strong credentials or have subpar security. The Identity Theft Resource Center, a national, non-profit organization that assists ID theft victims and tracks cybercrime. tallies U.S. breaches at 361 so far in 2015. And the FTC reports identity theft as the top consumer complaint … again.
Our industry claims to be trusted financial institutions. But the ITRC says 32 financial organizations experienced breaches through June – including some credit unions. And we haven’t heard the last of JPMorgan Chase’s debacle, which may still drain millions of customers’ accounts.
How do we square these security failures with our rhetoric?
Help Members Protect Their Data
Headlines aside, members wonder about data security because much of their business is handled online, personal, and work-related. Consider sharing these tips:
Encourage strong passwords. Too many people use the same password for multiple accounts. A BitDefender study revealed 75% use their email password for Facebook, so PC Magazine cautions, “If that’s also your Amazon or PayPal password and it’s discovered, say good-bye to some funds.” Provide members with password best practices, like these from Krebs on Security.
Hold security events. Members may care about cybercrime, but many don’t take steps to protect themselves. Offer online resources and free educational seminars on safeguarding their PII. Also consider adding an educational component to community shred days by displaying your web address with links to online security information.
Make something old new. Your members know about safe-deposit boxes, but how many use one? They’re safe, but not handy, especially when you need a file quickly. Instead, offer an easy-to-access, online safe deposit box for members to store vital papers. Choose a provider with SSAE 16 certified data centers, redundant storage devices and encryption while documents are loaded andduring storage. Avoid so-called community cloud storage, which offers thin protection and mixes everyone’s data together.
Get serious about PII security
With 32 FI data breaches in the first six months of 2015, your members’ data is in danger, and adopting the best data security isn’t an option anymore.
Virtual StrongBox Inc. offers a stronger document-security process for storing members’ sensitive data. Our patented process allows encryption of data at rest and in transit, in every database that stores PII. Our method moves data security to an unparalleled level, protecting data the “financial industry way.”
Credit union professionals, regulators and trade groups should demand encryption-at-rest technology for stored PII, whether through our process or another provider. This technology overhauls PII security, and it should become the industry standard.
Are you as tired of the blaring headlines about breaches as I am? Let’s publish a new one: “Your personal information is so safe, you can take it to the credit union!”
Ron Daly is the president/CEO of Virtual StrongBox Inc., a company known for protecting personal data the “financial institution way,” providing credit unions with a host of automated file exchange and file storage services. For more information, visit www.myvirtualstrongbox.com.