How Airtight is Your Credit Union’s Risk Management Hygiene?
Strategic Link partner, NuQuo, shares examples of commonly overlooked vulnerabilities in an organization’s risk management strategy.
Just like children forgetting to wash behind their ears, sometimes organizations forget to look in all the nooks and crannies of their business to make sure they are keeping their infrastructure, internal data, and clients’ information safe.
Examples of these “nooks and crannies” include overlooked technological vulnerabilities, such as:
- Fish tank monitors — no, seriously! The Internet of Things — defined as a network of physical objects that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the Internet — is a huge risk to organizations. One Las Vegas casino was hacked through its fish tank monitor and had 10 gigabytes of data stolen from its systems.
- HVAC systems — Target was hacked via stolen credentials from an HVAC provider. The breach cost Target $309 million, led to a $200 million loss for associated companies, and resulted in a 46% decline in earnings. It’s vital that vendors who have remote access of any kind follow the organization’s security protocols.
- Copiers and printers — These devices have become fully functional endpoints on a network. They have memory, processors, and operating systems, and can be vulnerable to fraud attempts.
NuQuo is a full-service, vendor-neutral consulting firm specializing in cost reduction, strategic planning, risk management, and contract negotiation for office equipment. Risk management is a top priority for the Strategic Link partner. Here are a few things Nuquo looks at when working with a credit union:
- Technology vulnerabilities —software and firmware assessments
- Available technology — card access, pull printing, follow-me printing
- Hardware – hard drive wiping, end-of-life devices
- Utilization management — financial risk associated with utilization
- Contract pricing – financial risks associated with equipment contracts
- Contract review and management – protecting you, not the vendor