- Ergonomic office chair;
- Office desk;
- Monitor/screen;
- Mouse and keyboard;
- Proper lighting; and
- Work area free of hazards.
The risk alert states that ergonomics is all about finding the right (comfortable) match between an individual and their work environment, and by helping remote employees create an ergonomically friendly workplace and a well-arranged workstation, employers can enhance an employee’s productivity and comfort. In addition, it can also minimize some of the same hazards as on-site staff members while helping to eliminate discomfort.
Further, workstations should accommodate the materials and equipment employees need, and they should be encouraged to experiment with the placement of their keyboard, screen and other items to find the arrangement that works best for them.
Courtesy of NYCUA
Letter to Credit Unions 22-CU-06: NCUA to Begin Phase 2 of Resuming Onsite Operations
April 2022
Based on new guidance from the Centers for Disease Control and Prevention (CDC) and the Safer Federal Workforce Task Force, the NCUA will enter the second phase (Phase 2) of resuming its onsite operations on April 11, 2022.
Letter to Credit Unions 22-FCU-02: Final Rule on Definition of Service Facility
March 2022
The final rule amending the definition of “service facility” for multiple common-bond FCUs became effective December 27, 2021. The final rule provides that shared locations are service facilities for purposes of multiple common-bond FCU additions of groups and/or underserved areas, regardless of whether the FCU has an ownership interest in the shared branching network providing the locations. Qualifying shared locations include electronic facilities offering required services such as video teller machines.
NCUA Risk Alert: 22-RISK-01 Heightened Risk of Social Engineering and Phishing Attack
March 2022
The on-going conflict in Ukraine has raised concerns about potential cyberattacks in the U.S., including those against the financial services sector. All credit unions and vendors, regardless of size, are potential targets for cyberattacks, like social engineering and phishing attacks, and must remain vigilant. Credit unions should report any cyber incidents to the NCUA, your local FBI field office or the Internet Crime Complaint Center, and the Cybersecurity and Infrastructure Security Agency (CISA).
The on-going conflict in Ukraine has raised concerns about potential cyberattacks in the U.S., including those against the financial services sector. All credit unions and vendors, regardless of size, are potential targets for cyberattacks, like social engineering and phishing attacks, and must remain vigilant. Credit unions should report any cyber incidents to the NCUA, your local FBI field office or the Internet Crime Complaint Center, and the Cybersecurity and Infrastructure Security Agency (CISA).
Phishing is a technique that uses email or malicious websites to solicit personal information or to get victims to download malicious software by posing as a trustworthy entity. Another variant of phishing, known as smishing, uses SMS or other text messaging applications to get victims to click on malicious links to achieve similar goals to email phishing. NCUA’s Risk Alert outlines common indicators to watch out for along with tips to avoid being a victim of phishing.
The NCUA encourages credit unions to review CISA’s Shields-Up website, which provides information about cybersecurity threats, including several resources and mitigation strategies. The NCUA recently created the Automated Cybersecurity Evaluation Toolbox or ACET, a free tool for federally insured credit unions to use when evaluating their levels of cybersecurity preparedness. The ACET is a downloadable, standalone app developed to be a holistic cybersecurity resource for credit unions.
Additional cybersecurity resources are also available at www.ncua.gov/cybersecurity.
Read the Risk Alert in its entirety here
(Oct. 22, 2021) Speaking of cybersecurity: Use of cloud-based email services are proving to be targets for cybercriminals, and credit unions need to take steps to thwart any exploitation and take preventative steps, NCUA said this week.
In Risk Alert 21-RISK-01, the agency said phishing emails designed to steal account credentials through cloud-based email services have proven to be among the most effective types of business email compromise (BEC) scams. The agency said that action occurs by cybercriminals using phishing kits to target victims on cloud-based services, analyze accounts, impersonate email communications, fraudulently demand (and receive) payments, compromise address books, send more phishing emails — and more.
The risk alert listed 12 methods credit unions may take to prevent BEC fraud; the top three are: Enable multi-factor authentication for all email accounts; disable basic or legacy account authentication that does not support multi-factor authentication; use caution when posting information on social media and company websites, especially job duties and descriptions, hierarchal information, and out-of-office details.
The risk alert also notes wire transfer fraud incidents are also increasing, as more transactions through virtual environments have tilted that way. The alert lists a number of operational, transactional, and physical and logical controls for limiting wire fraud risk and incidents.
LINK:
NCUA issued the first Risk Alert of 2019 to remind credit unions of the risks related to Business Email Compromise (BEC) fraud and steps that institutions should consider in order to mitigate the risk of falling prey to such scams.
NASCUS Legislative & Regulatory affairs staff summarized the alert and it can be found here.