As Social Engineering attacks escalate in both sophistication and frequency, one of the top security challenges facing Credit Unions will be how to ensure prevention methods are deployed to help successfully mitigate these attacks. Social Engineering attacks come in many forms with just as many names. For example, they can arrive via email (Phishing), phone (Vishing), and even text messages (Smishing). No matter the methodology or naming convention, two of the main goals of social engineering are to obtain your users’ credentials and to install malware on your Credit Union’s infrastructure.
One of the best prevention methods is to ensure your Credit Union has a multi-layered approach to dealing with these attacks. Some of the tactics include, but are not limited to:
- Employee training and awareness
- Effective patch management
- Ensuring anti-malware software is installed and running up-to-date definitions
- Deploying mail security and anti-phishing technologies
- Employing web filters to block malicious websites
- Prepending headers on emails originating from outside the organization
Credit Unions should be sure to have clear policies and procedures on how to deal with social engineering attacks, and employees should fully understand them and how to act if and when they believe an attack is occurring. Employee awareness/training is one of the most effective ways to prevent a social engineering attack from being successful. Training programs should start on the hire date and be followed by periodic testing to ensure all employees are able to successfully avoid security breaches. By having an effective process of training and reinforcement, the Credit Union can create and maintain the “Human Firewall” component that is so critical to mitigating security breaches.
Keep an eye out each month for a new information security tip from the Ongoing Operations CISO Office.