[00:00:00] Jessica Quindlen: Welcome back to the Sound Cents podcast. I'm Jessica Quindlen. Today we're celebrating Cybersecurity Month.
We have two experts from Ent Credit Union. I have Josh Huckels, our Cyber Security Engineer. Hello, Josh.
Josh Huckels: Hello.
And Daniel Gowing, our Information Security Analyst. Hello, Daniel.
Daniel Gowing: Hello.
Jessica Quindlen: All right, let's just jump right in. What are the most common cybersecurity threats faced by financial institutions?
Josh Huckels: The institutions themselves have a lot of things that we have to look out for. Everybody's trying to get at the money, right? We have phishing attacks leveraged against us. We have people scanning our systems and trying to get inside. We're trying to prevent all those things in a lot of different ways.
Daniel Gowing: A lot of people are also trying to get to the data that we have. We have a lot of member data that we need, Social Security numbers, home addresses, phone numbers, things like that, and you'd be surprised by how much all of that is worth to criminals,
Jessica Quindlen: Scary stuff. So, what are the potential consequences of a cybersecurity breach in personal [00:01:00] finances?
Daniel Gowing: It's a little different when you're looking at personal finance versus when you're looking at institutional finance.
If you're looking at personal finances, for members oftentimes, you can be losing thousands of dollars or even if you're not directly losing it, it can get tied up for a while.
Josh Huckels: It doesn't feel great when somebody gains access to all your personal information and your finances, and it takes time out of your day to go back and clean all that up. You have to change passwords, reset accounts, work with the bank to get everything back into good secure state. So definitely lots of consequences in certain ways for cybersecurity breaches in personal finance.
Jessica Quindlen: How do errors by members contribute to cybersecurity vulnerabilities in their own personal finance?
Daniel Gowing: It's not necessarily errors. A lot of it is just lack of awareness, right? Most people, if they know the right thing to do, they're going to do it. And so those things could be, for example, not having any multi-factor authentication set up on your account.
There are things like having your devices updated. Ensuring that really allows members to be more [00:02:00] secure. Specifically, we're talking about vulnerabilities with devices, where you're going, who you're talking to. Awareness of what's going on is the biggest factor.
Josh Huckels: Yeah, just practicing good security hygiene really eliminates a lot of things that could affect you from any sort of threat actor out there. Having good passwords, don't click on emails that you don't recognize, use MFA, keeping your devices up to date are just basic things that everyone can take part in to keep their personal finances secure.
Jessica Quindlen: That's great. Building on that, how can members collaborate to enhance cybersecurity measures?
Daniel Gowing: I'd say the number one thing is doing the research and being aware of what's going on around them. Everyone nowadays knows if a Nigerian prince calls you, that's a scam.
But what are the actual scams that are going on today? Whether it's things like phishing emails, people calling in and claiming to be the IRS, or [00:03:00] have a really nice offer for you. There's so many different ways people are scamming. And so just having an awareness of what is actually true and not true is very important.
Josh Huckels: It's much easier to convince somebody that you're someone you're not these days, especially with the advent of AI. There are different types of cybersecurity attacks where it seems like you're talking to the actual bank and it might even sound like a bank teller. Or it can seem like you're talking to your mom and it actually has her voice.
These are more sophisticated attacks, but they definitely exist and they're targeting people around the world as we speak, so definitely something to keep your eye on.
Jessica Quindlen: With those specifically, it might sound like your mother, but would your mother really call you on a Wednesday at noon for your Social Security number?
Josh Huckels: Your mother's not going to ask you to buy $500 of Apple gift cards.
Jessica Quindlen: Yes. We've started talking about multi-factor authentication and other things, but what are some essential practices in cybersecurity that individuals should follow so they can protect their data?
Daniel Gowing: Number one, multi-factor authentication. And really it's all of the authentication measures, including [00:04:00] having passwords that you're not using across all of your different websites. Nowadays, when you have hundreds of different accounts, it's really easy to keep the same password across all of them. With this, having a password manager is a really important key piece, and making sure that your multi-factor authentication is secure in and of itself. The best ways to do that are through an authenticator app and ensuring that you're actually keeping that enabled, because it's really easy to disable it for a long time.
Josh Huckels: Just one good tip is don't reuse your password for the password at your bank. At least have that one password be unique and don't reuse it elsewhere. Cause that's your money. So make the exception, take a little bit of effort and have a unique password to use at your bank. But Daniel's absolutely correct. Having multi-factor authentication also just really exponentially strengthens your account.
Don't click on emails that you're not aware of. Keep your devices secure. just stay aware and anything that [00:05:00] mentions money or talks about your bank account, give it a second look and make sure it's secure. Cybersecurity incidents are going on every day.
Jessica Quindlen: How comforting.
Josh Huckels: Our team sits next to the Fraud team here at Ent, which is a great team. They help protect our members money and work with people who have been compromised in scams and things like that.
Jessica Quindlen: Yeah, they're great. We've had them on the podcast. They're great. They have some stories.
Josh Huckels: Well, I don't need to retell them, but I've sat with them for a long time, and people are getting scammed every single day. There are people that think they met somebody on Facebook or are working for a new startup company. There are lots of different ways that people get scammed on Craigslist and Facebook marketplace, and you wind up losing a lot of money. It's very common, and those scams are out there trying to target multiple individuals at any given time. It's not something rare. It's something that we deal with every day.
There are large, targeted attacks. There was a recent attack where there was a Trojan from people clicking on email links getting the malware installed on their computer, and suddenly they were getting calls from [00:06:00] what they thought was their bank and actually sounded like their bank and had the correct bank information.
So you thought that you were talking to a bank teller. Things of that nature just happen so frequently, so it's very important to stay aware and second guess anytime somebody is asking you for your password or access to your personal information.
Daniel Gowing: Yeah. To that, anytime someone calls you, you can always hang up and then call back at the actual line and you should be able to get back to the person if they are actually from Ent or from whatever institution you're talking to. And that's a pretty important thing is that we have secure forms of communication, and it's really important to make sure that you're going through the proper channels.
Jessica Quindlen: Scary, but very true. And yes, and I think, Lachey says that when she comes on too, like, every financial institution is never going to ask for your PIN number over the phone. No one needs to know that information.
Josh Huckels: We don't need your password.
Jessica Quindlen: They don't need your password. That's not a thing that we need. So, building on that, since cybersecurity is everywhere, what are the warning signs of some potential fraud or scams? As we just said, if someone's asking for your PIN [00:07:00] number, no one needs to know that.
What are some other things to look out for when it just seems correct in every other way?
Josh Huckels: If you have to send money to someone else, you should be thinking about it, especially if it's somebody you have not met or if it's a company that you're trying to work for. Most places won't ask you to send them money when you are trying to get money from them for a legitimate job.
Gift cards are a huge red flag. Threat actors love to get you to purchase gift cards and share the code with them so that they can get the money off them. If you hear the name Western Union, think about it three times because it's a good way to send wires to people who are trying to steal money from you.
Generally, when money changes from your hand to a different person's please double and triple check because those are just massive signs that's going to be a fraud or a potential scam.
Daniel Gowing: Yeah, anything that is asking you to go urgently is an indicator [00:08:00] just because there's very few things in this world from a banking perspective that need to happen by the end of the day, or by the end of the hour, or right now. Most places are okay with giving you a warning a week out, or a month out.
The goal of those sort of urgencies are to really bypass your brain's logical thinking and make it so that way you just do what they say before you really think through the actions. It's a lot of emotional hijacking.
Jessica Quindlen: Oof. So how can individuals verify the authenticity of these communications? If they see a warning sign and it's maybe not super glaring, but enough that they'd like to verify.
Daniel Gowing: Yeah. We recommend, as we talked about earlier, contacting through the secure communication channels that have been established, like calling the Ent phone number, and even working through the phone tree. There's someone that knows the right answer and can find that out for you. That's the easiest way. Phone calls or going in person if it's a really big deal that's a really good way.
Jessica Quindlen: We've talked about it a lot, stay informed, do your research, [00:09:00] obviously listening to this podcast. We have a lot of different content on this, articles, et cetera. But how can people really stay informed on the latest threats and best practices outside of that?
Daniel Gowing: Yeah. We publish security articles pretty regularly. We have a lot of best practices listed online.
There's also several news outlets that report on cybersecurity threats all the time. So just have an awareness if you see that sort of thing, look and see what's going on in the world.
Josh Huckels: A lot of different people will put out good articles on how you can secure your accounts and what you need to pay attention to for phishing or for malware or for all these different types of security threats that can affect you. Really explore the known sources that you find trustworthy and see if they have any sort of cybersecurity recommendations out there and pay attention and see if you're actually applying them to your own personal finances.
Jessica Quindlen: That's great. That brings us to the end of our show. Josh, Daniel, thanks so much for being here. It was great having you.
Josh Huckels: Thank you very much.
Daniel Gowing: Thank you.
[00:10:00]
Jessica Quindlen: Thank you for listening to Sound Cents from Ent Credit Union. Be sure to follow our podcast as well as rate and review us. I'm Jessica Quindlen. I will see you in two weeks, same time, same place.