Posts tagged ‘cyber-attacks’

It’s a Scary Time for CUs, Cyber Attacks, and Insurance

Warren Zevon once called on his dad to bring him “lawyers, guns, and money.” Given the sharp increase in cyber-attacks, your average credit union CEO should be asking for lawyers, money, and better cyber insurance policies.

Recently, an article in The American Banker proclaimed that these are scary times for small banks and credit unions, some of which have recently been the target of ransomware attacks. Yours truly is highlighting this trend not simply because I want to scare you into action but because I believe that for many financial institutions the question is not if, but when you will find your credit union’s data being held by hackers who want money in return for allowing you to access your client’s personally identifiable information.

One of the most basic steps you can take to help protect yourself against ransomware and data theft attacks is to buy insurance. This is an issue that yours truly is also becoming increasingly obsessed about because there is a lack of clear guidelines as to precisely what a policy provides your credit union and even if your regulators are going to penalize you for using insurance proceeds to recover from ransomware payments.

My paranoia has been fueled by this recent GAO report describing an insurance industry that is scrambling to adjust to the rapidly evolving and increasingly expensive niche of cyber-attacks. For your credit unions that means that it is absolutely crucial that you get competent counsel to provide new guidance as to what is and is not covered under your policy. It also means that you should not assume that general language in your existing policy already provides you insurance protection. There are more and more cases in which this precise issue is being litigated. For example, I recently came across this case, West Bend Mutual Insurance Company v. Krishna Schaumburg Tan, Inc., in which an insurance company tried to deny coverage to a business that was sued after providing biometric data of customers to third parties.

In the medium to long term these issues will resolve themselves. Courts will scrutinize and effectively standardize basic terms. The problem is that this is little comfort to those of you confronting these issues right now. Time to call the lawyers and bring the money.

May 26, 2021 at 9:16 am Leave a comment

Beware of Cyber Extortion

The FFIEC, the Council of banking regulators including the NCUA, issued a “joint statement” yesterday warning financial institutions to take steps to guard against cyber-attacks involving extortion. Numerous news reports have chronicled the increased vulnerability of businesses to computer hackers that use malware to encrypt data on a company’s computers making it impossible for the institution to access key data. The data is then ransomed.

Another increasingly common attack businesses are vulnerable to is the so-called denial of service attack in which hackers threaten to take down a company’s computer systems unless certain demands are met. The FFIEC’s statement warns all financial institutions that they face “a variety of risks from cyber-attacks involving extortion” and outlines several risk-mitigation steps that they should be taking. At the same time, the regulator stressed that the statement “does not contain any new regulatory expectations.”

So, here is my very practical take-away. Remember that all risk assessments involve periodic adjustments of plans and procedures as new threats emerge. With this statement, examiners have signaled that they consider cyber-extortion to be a serious threat. As a result, you should take the time to make sure that your risk assessment and procedures address this threat to your credit union’s operations. Obviously, the steps a five member credit union will take are vastly different than those expected of $1 billion credit union.

Senate Republicans Hold Serve

The most important election on the State level last night was the special election held to fill the Senate Seat vacated by Republican Senator Thomas Libous, who was convicted of corruption-related charges. Broome County Undersheriff Fred Akshar easily beat Democrat Barbara Fiola. This win means that the Republicans maintain control of the State Senate as they head into an election year. The Senate Democrats held onto the Brooklyn Senate seat previously held by Senator John Sampson, who also lost his seat following a criminal conviction on embezzlement charges. Three open Assembly seats in Queens and Brooklyn were also held by the Democrats.

For the political junkie, the most interesting result of the night was in Nassau County, Long Island – where Democrat Madeline Singas, who was making her first run at political office, defeated Republican Kate Murray for the office of District Attorney. According to Newsday, she leads by 30,000 votes. The size of the victory and the fact that a Democrat won over a well-known local Republican politician is certain to raise the eyebrows of Democratic operatives as they decide where they have their best chances to take control of the State Senate.

November 4, 2015 at 8:42 am Leave a comment

Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 726 other followers