Crooks are Phishing for Dollars

Can communication keep members off the hook?


It's difficult to put a dollar amount on the safety and security of online channels, but businesses can certainly assign a dollar amount to a violation of that security. 

“Costs for [data] breaches involving all major causes grew between 15 and 48 percent from 2009,” advises Symantec in a 2010 Ponemon Institute report, with the average cost per organization hovering around $7.2 million. 

A significant portion of this cost is manifested in customer turnover, which can have long reaching implications. Prevention may start at the institution (negligence was the top cause of breaches, present in 41% of reported instances) but doesn’t end there. Third party mistakes (39%) lost or stolen devices (35%), malicious or criminal attacks (31%), and system failures (27%) were other common factors.

The notorious Epsilon breach exposed customers of multiple retailers and even financial institutions to “spear phishing” attacks, which utilize stolen information to directly target consumers through fraudulent emails (many even address the target by name in the subject line). 

And 70% of the 33,000 phishing attacks that occurred in June alone targeted the financial services and online payment industries, reports the New York Times. Whether or not an institution is directly targeted, compromised member or employee security online can eventually lead to headaches for both parties. 

While many of your members and employees know well enough to avoid traditional spam, have you communicated about online threats effectively enough that they would turn down emails that appear to be from the credit union, the IRS, or even the NCUA

While education and increasing awareness remain the primary method of risk avoidance (deployed at 63% of institutions), Symantec reports these steps are increasingly coupled with tech solutions like encryption (61%), increased manual procedures and controls (54%), identity and access management solutions (52%), data loss prevention options (43%), and endpoint security solutions (41%) to secure a more airtight defense in an evolving security battlefield.


April 13, 2011


  • What a joy to find such clear thikinng. Thanks for posting!