Cornerstone IT Consulting advises CUs to get risk assessments after latest hacking incidents

Wired online reports that after the theft of nearly 200 million passwords from companies like Dropbox and LinkedIn, someone has cobbled together those breached databases and many more into an unprecedented collection of 2.2 billion unique usernames and associated passwords. But that's not all. Those fraudsters are freely distributing the breached data on hacker forums and torrents, "throwing out the private data of a significant fraction of humanity like last year's phone book."

As technology changes, every credit union faces new security issues. Credit Union Resources addresses these issues daily, as their team of technology professionals provides guidance on compliance, shares best practices, and performs audits, to name a few.

Idrees Rafiq, Jr., vice president of IT consulting with Credit Union Resources' Financial and Technology Resources division. specializes in leveraging IT and security-related issues with compliance, marketing, vendor management, business continuity, and other business operations specific to credit unions ranging from $2 million to more than $2.5 billion in assets.

"Cybersecurity matters in a way not everyone fully understands," said Rafiq. "Working for about 13 years in the realm of cybersecurity with credit unions of all sizes has made it clear they have a serious need for enhanced threat intelligence, collaboration activity, and risk preparedness. The burden to comply may not be the same for all credit unions, but for those who struggle or are willing to help others, there are options."

Rafiq says it's critical that credit union IT professionals—or those acting as such—be more vigilant than ever about every aspect of their jobs.

"Cybersecurity concerns change all the time, as this latest compounded breach has shown us," Rafiq said. "Hackers and fraudsters are busy creating new, more menacing threats every day and, unfortunately, vulnerable businesses don't realize the magnitude of a new threat until the threat has already hit them. That's when they call us, but by then, considerable damage could have occurred."

Rafiq recommends a more proactive approach that includes getting regular risk assessments performed by a professional outfit like Credit Union Resources, which has experts on staff who can expose vulnerabilities before it's too late.

The best thing for IT staff to do is the same thing Rafiq does—stay connected with professional IT and cyber groups who are often the first to alert the media. He recommends IT staff members engage with industry think tanks, associations, publications, and councils, such as Cornerstone's Technology Council.

Rafiq also serves on the executive leadership board of the National Credit Union Information Sharing and Analysis Organization (NCU-ISAO), which he says gives him tremendous insight as to the latest cyberthreats and trends, and which he uses to his advantage in his job.

The NCU-ISAO promotes the strengthening of credit union cyber resilience through intelligence, operation guidance, and education. They provide members actionable intelligence that includes educational components that even the most technology-challenged person could understand.

Rafiq will be attending this year's NCU-ISAO 3rd annual conference, Feb. 6-7, at Kennedy Space Center's Astronaut Memorial Foundation in Florida. This conference is open to credit union IT staff and Cornerstone-member credit unions may register with a $50 discount to attend. Just use the member discount code CURESOURCES.

This specialized cybersecurity conference is the ideal venue for gaining in-depth knowledge and best practices on information security and cyber resilience. Get the latest event information at ncuisao.org/annualconference.

To learn more about how Credit Union Resources can measure your cyber resilience, contact Idrees Rafiq at 469-385-6799 (direct), 800-442-5762, ext. 6799 (toll free), or via email at irafiq@curesources.coop.

About the National Credit Union Information Sharing and Analysis Organization
The mission of National Credit Union Information Sharing and Analysis Organization (NCU-ISAO) is to advance credit union-specific cyber resilience in a strategic and collaborative partnership. Cornerstone Credit Union League and Credit Union Resources have allied for the month of October to help credit unions be prepared for 21st century cyber threats.

About Credit Union Resources Inc.
Credit Union Resources is a service corporation that provides industry-leading solutions and expertise to credit unions across the country. Credit Union Resources is a wholly owned subsidiary of the Cornerstone Credit Union League, a regional trade association representing the interests of credit unions in Arkansas, Oklahoma, and Texas.