5 minute read
LENDER SPOTLIGHT: Q&A with David Weed
With a graduate degree in finance, David Weed started his career in commercial lending in 1988. He worked at both large and small regional financial service firms before joining Service Credit Union as Assistant Vice President in 2012. Since David’s arrival at Service CU, his work has garnered a noteworthy number of awards and recognitions. To name just one, David was the recipient of the NH Business Review’s Business Excellence Awards in Financial Services for helping Granite State businesses stay afloat amid the Covid-19 pandemic. David says, “We are grateful to New Hampshire businesses for trusting in us, and we are there for them, no matter what.” We talked to him about another way Service CU is there for businesses, no matter what: keeping them safe in a digital world.
In this digital world, there are malicious actors who are growing ever more sophisticated about how to hack information and profit from it. It seems that it’s increasingly important to trust the financial institutions you’re dealing with.
Yes, trust is critically important. We need to earn the trust of the members and the businesses that we deal with by ensuring that we handle their money in a secure, compliant fashion. If we aren’t able to ensure that a transaction won’t be comprised, it affects not only the member but the reputation of our business. It’s also important to be transparent about whatever happens, whether it’s a data breach or something else, to communicate that it’s happened and how it’s being resolved.
How do you ensure the safety of transactions?
We meet the very highest standards. For example, we don’t rely on instructions given by email. If, say, officers in a company change, we ask for written letters of authorization or updated LLC agreements to make any amendments. We’re carefully maintaining the record, from a legal perspective, of who’s authorized to do what and why.
Also, we have a dedicated team of information security professionals that monitors all of the traffic that comes in and goes out of the credit union for malware, for phishing, for malicious emails. They train all the staff on a quarterly basis to trust but verify. Plus, we have good, firsthand relations with our members, and therefore have a good sense of who they are. If something seems amiss, then we follow up on it. That happened just recently.
What happened?
A business was infiltrated by a provider that they use, and that individual or group gained access to the business’s email system and parked themselves there, amid all of the corporate dialogue that went on. That way, they learned the business and the players well enough to mimic their writing and try to gain access to the business’s finances.
Because we know our businesses so well, one of our staff members sensed that something didn’t quite feel right, that the tone of the email conversation was off. It bothered her to the point she picked up the phone and called the business to verify the authenticity of the email. That was when the hack attempt was discovered and shut down.
If it hadn’t been for that staff member picking up the phone, that business could have lost money …
Yes, thousands of dollars, maybe hundreds of thousands.
Also, if you’re hacked, your business could have to shut down.
That’s a problem as well. Not only can that damage your customers’ trust in you and affect your business’s reputation, you’re not making money when you’re not operating. And changing your IT infrastructure, your servers, your cellphones and so on, can mean a significant amount of time — and expense. Most businesses have insurance coverage for these types of things, but it’s important for a business to check in with their carrier on a regular basis to ensure that they have the appropriate coverage.
Are small businesses more vulnerable than larger businesses?
I think, to a degree they are. They’re more likely to get caught up in the type of breaches you see on the news, where a multitude of accounting information is stolen and then sold to third parties. Larger businesses are more susceptible to sophisticated attacks like malware being installed. But we’re seeing more and more deliberate hacks on businesses in general.
All businesses need to be vigilant in this environment. There is no total protection in terms of information security even if you use the industry’s best practices. You have to be sure to update your IT infrastructure, update your information security protocols, and make sure you’re dealing with someone who maintains their security standards. And, again, remain vigilant. It’s easy to get complacent.
Does the fact that so many people are working from home add to the challenge of ensuring information is protected? And what about the storing of information on the cloud?
Certainly, a remote working environment poses additional challenges. It gives a hacker many more points of entry, but there are designs that allow you to protect against hacks, like encrypted VPN connections for all communications. For the cloud, while the servers are in third-party hands, let’s say Amazon, but the information is still controlled by the companies or, in our case, the credit union’s IT professionals. So, it’s not altogether different than what’s been going on in the past.
What do you see ahead?
I’m worried. The world changes every day, and these folks are very tactical in their approaches to get access to information. We work every day to keep on top of that.
