A data breach is the intentional or unintentional release of secure information to an untrusted environment. According to a recently released study by Javelin Strategy & Research, more than 5 percent of all adults in the U.S. were affected by data fraud in 2012. Unfortunately, data breaches are on the increase, up 48 percent in 2012 from 2011, according to the Javelin study.
When a data breach occurs, organizations are often defined by how quickly and effectively they respond to the situation. Brian Grimes, IT manager with Baylor Health Care Systems CU, shares his thoughts on data breaches with LoneStar Leaguer readers.
Question: Are data breaches inevitable?
Grimes: Absolutely not. Perpetrators will try to exploit vulnerabilities and they will take the easy route in. It’s imperative that credit unions take the necessary precautions, which include, among other things, following strong security practices and adhering to organization policies and procedures, as well as ensuring that staff is properly trained.
Question: Are there certain industries or companies at greater risk? If so, why?
Grimes: Credit unions are at greater risk of a data breach because of the nature of our business. However, simple practices like locking your computer when you step away from it can help minimize the risk of a data breach.
Question: What are signs that a breach has occurred?
Grimes: There are many signs, including an unauthorized login or database inconsistencies. Another indicator of a possible data breach might be if more than one member calls in and complains of a transaction on their account that they did not make.
Question: What tips can you offer credit unions to help minimize the risks of a data breach?
Grimes: Maintain a strong IT posture. Software and operating systems should be current. You should also have a firewall and up-to-date anti-virus programs. Performing an annual privacy and risk assessment is also important.
Question: If a data breach occurs, what are the three most important actions a credit union should take?
Grimes: As noted above, a credit union should follow appropriate policies and procedures. As an IT professional, my first thought would be to contact your processor, notify local authorities and communicate with your membership.
Question: What do you think will determine whether or not an organization can recover from a data breach?
Grimes: A data breach is a very serious matter and an organization’s responsiveness to the situation will determine how well they will recover from it. If a credit union is slow to respond to a data breach, it could interrupt service and could potentially cost them financially. And it most certainly could damage their reputation.