I Repeat…..“Only Three Things are Certain in life: Death, Taxes, and…Data Breaches”
In 2015, I wrote an article about the certainties of our lives being affected by a data breach event. Similar to death and taxes, there are steps that we can take to mitigate its effects on our lives, but there is no way to fully prevent it from occurring. Funny how some things just don’t change….it’s nearly four years after I wrote the initial article and the certainty of data breaches occurring is as true today as it was back then. This article explains why. Credit unions would serve their members well to provide protection against the fallout of breach events…which just keep happening. I have only added a few new points (in parenthesis) to the article below, but the original message remains the same.
If Benjamin Franklin were alive today, I believe this would be his new take on his famous quote. He would recognize the inevitable fact that data breach events, like death and taxes, cannot be stopped. They certainly can be deterred and delayed, but based on the avalanche of data breach events in the past eighteen months, as well as the industry forecast for more to come, Franklin would warn, “Be prepared.” (Over a billion people were breached in just one month last year… between November 2018 and December 2018)
We hear about the growing laundry list of companies who are focused on finding the magic pill that will give businesses and financial institutions, as well as individuals, a sense of peace and security. These companies all pinpoint individual elements of data breach exposure and create products or services sold as “preventative” solutions. Whether it is credit monitoring services, software encryption programs, EMV chip cards, document destruction, protective data storage offerings, etc., they’re all one dimensional solutions, fighting a multi-multi-multi-dimensional problem. (Blockchain technology was the 2018 “end-all solution” for ID theft….but it too has not failed to guarantee safety)
So many former and current FBI leaders, and other criminal investigation experts, have warned about the pure fact that it is not a matter of IF you will experience a data breach, but rather WHEN it will happen. Security firms and experts on data breach, ID Theft, and cyber security all understand that the root of the problem is actually inherent in the world’s rapid technological advancements and the public desire for increasingly more data mobility & accessibility. These factors, coupled with the human element (social engineering), are the real reasons that data breach and ID theft events are not stoppable.
The human element is responsible for almost 70% of all data breaches, even though cyber theft events get the lion’s share of headlines in major news reports. The human element consists of much more than international organized crime or the local bad guys trying to hack into your business. It is the disgruntled employee, the negligent vendor, the absent-minded manager, or simply the misplaced laptop or thumb drive of personal data…..and the list could go on.
So when faced with the inevitable truth about data breach and ID theft events, what is the best way for your credit union to be prepared for WHEN it happens?
Without neglecting your efforts to “deter” these events through proper policies, awareness programs, and compliance, it is imperative to have a strong and sound plan for mitigation and restoration/recovery. Incorporate strategies and solutions to help maximize your credit union’s preparedness for, and ability to, support members in their time of need, and for your institution in its time of the unthinkable. An interesting trend that was recently revealed by a Scottsdale, AZ firm, Cornerstone Advisors, indicates that consumers, especially millennials, are turning to credit unions or other financial institutions for non-financial services such as ID theft protection. And, as reported in a CU Times article, the majority of millennials are willing to consider buying bundled services at attractive prices.
The good news for your credit union is there are resources to help you accomplish all of this, while also providing an opportunity to generate non-interest income as you educate your members and provide them with protection against these data breach certainties. Something perhaps even Franklin would applaud and consider “a penny saved”…. a lot of pennies!