Archive

Go to:

October 2017
SMTWTFS
1234567
891011121314
15161718192021
22232425262728
293031
< Sep Nov >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

CEO Sherwin Discusses Cybersecurity with 'Journal Record'
Tuesday, March 8, 2016 6:55 AM

Because of the amount of daily business conducted over the Internet, common cybersecurity breaches like hacking into restricted files and stealing private data are on the rise. Oklahoma Employees Credit Union (OECU) SVP and Chief Technology Officer Philip Sherwin spoke to the Journal Record about the situation.

Hackers aren’t targeting only big corporations, the Journal Record article said. In 2014, 34 percent of spear-phishing attacks seeking unauthorized access to confidential data were aimed at small businesses with less than 250 employees, according to a Symantec report. And the effect can be detrimental. Sixty percent of small businesses that have a security breach go out of business in six months, according to Experian.

“Typically a small business would be targeted because they lack resources," Sherwin said. "A business ran by a few people isn’t going to have an information security specialist on staff, nor the budget to outsource to an expensive security contractor."

Whether you’re selling T-shirts, food, or checking accounts, no one wants to be the one in the news as a result of an incident or a breach. With 140 employees and as a community bank, OECU is among the hundreds of small Oklahoma businesses that have to stay vigilant in cybersecurity.

Recent news about different hacktivist groups exploiting organizations for social or political causes gains attention, but in most cases, hackers are motivated to compromise sensitive data for the purpose of financial gain.

“Any bank or credit union out there is charged with the same task of protecting both personal and financial data,” said Sherwin. “It’s absolutely what makes those in our industry an attractive target. For that reason, we face security threats from many different areas. In the banking industry, our entire relationship is built on a foundation of trust and security.”

During any given week, OECU experiences events like firewalls being scanned. In layman’s terms, a hacker is jiggling the handle to the front door of the network to see if it’s unlocked.

“So, we’re constantly upgrading and updating hardware to reflect the types of threats we’re seeing,” Sherwin said. “It’s why we have to employ dedicated security resources that monitor our network around the clock.”

Email is another easy target for cyberattacks. Spammers are more sophisticated with the types of emails they use, and the primary goal is to have someone click on a malicious link or file so a virus can infiltrate the network.

“They disguise these in the form of phony emails from popular retailers, shipping companies or maybe an organization you work with frequently—anything to pique a user’s curiosity level to the point that they’ll want to click,” Sherwin said. “So, we have to invest in security on that front, as well as train our users about email security.”

Small business websites are the last and most obvious cyber target, because they’re public-facing.

“We have to employ a lot of security resources here, to protect our members’ credentials from being compromised,” Sherwin said. “Denial-of-service attacks is also a threat to this channel, but we don’t see much of that because our footprint is pretty small when compared to some of the nationwide financial institutions. Regardless, we always have to be ready.”

“Cybersecurity is something we talk about a lot,” said Larry Weatherford, public affairs specialist with the Small Business Administration's Oklahoma City office. “We tend to look at small business in a broader spectrum than just cybersecurity though. We look at what the total picture is as far as cyber and physical security of data and how to protect it.”

Every day, new ways of losing data are uncovered, from employees hitting a malicious link to losing thumb drives with sensitive information. Weatherford said sophisticated hackers are now just dropping thumb drives that are loaded with viruses in business parking lots in the hopes that a well-meaning employee will plug it into a computer.

Loss of physical data, like information stored in file cabinets, is susceptible to theft or loss through natural or man-made disasters.

“When small businesses do suffer data loss, it tends to either be theft or inadvertent disclosure,” Weatherford said. “We try to get small businesses to look at where they are vulnerable, identify those vulnerabilities and put protection in place.”

Small businesses have resources to ensure their sensitive data is secure. The Small Business Administration, for instance, offers computer security workshops nationwide along with the National Institute of Standards and Technology and the FBI.

SBA’s resource partners—SCORE, Small Business Development Centers, Women’s Business Centers, Veterans Business Outreach Centers and Innovation Clusters—also host training sessions to help business owners reduce their online risks and increase awareness of cybersecurity threats. For more information about cybersecurity, visit sba.gov/navigation-structure/cybersecurity.