In an article published in Credit Union Times on July 12, Jack Pringle discusses steps that credit unions can take to address Business Email Compromise (BEC) threats.
While credit unions are required under the Gramm-Leach-Bliley Act (GLBA) to have various safeguards in place to protect members’ “nonpublic personal information” (NPI), the way credit unions communicate and conduct business with their consumers is different than it was when GLBA was first implemented.
“Most (if not all) business transactions are now conducted using digital technology and electronic communications, and as a result are subject to a host of cyber threats. And these transactions utilize not just the networks and communications of credit unions, but also those of their members and vendors,” explains Jack.
The BEC scam occurs when business email accounts have been compromised through malware, spoofed email addresses or social engineering, resulting in unauthorized funds being transferred to the scammer. While the BEC scam targets vulnerable companies and individuals, not the credit union’s network directly, there are certain steps a credit union can take to protect itself, such as implementing encrypted email communication.
“Identifying and understanding the risks involved in protecting NPI, and the tools available to credit unions to address those risks, help make this ongoing process more manageable,” Jack concludes.