These days, it’s no longer about “if” information security is a top priority for credit unions. It’s more a matter of “how” to improve information security amid a culture of ever-evolving malicious attacks and innovative tactics of cyber malfeasance.
Rather than one all-encompassing fix or singular technology, information security (also known as InfoSec) involves the strategies and tools used to detect and prevent breaches that threaten valuable data, such as customer information. Anyone working in a credit union IT department is familiar with the concept, but it’s essential for IT professionals to keep up with the trends and emerging technologies as data attackers persist and adapt.
Credit unions often are tasked with making things right for their members after a data breach occurs at a major retailer, restaurant or the like. That said, credit unions also must be vigilant about their own information security.
“Cyber security is a critical issue for credit unions, as some institutions have faced denial of service attacks, in addition to other cybercrimes that threaten to compromise the financial information of their members, especially with the growth of online commerce and banking,” according to the National Association of Federal Credit Unions’ 2015 Report. The NAFCU is calling for credit unions and other financial institutions to work together to combat security breaches.
A big reason for industry concern is fear among members. According to a October 2014 survey of NAFCU members, more than 60 percent of responding credit unions had been contacted by their members with questions about cyber security.
The Federal Financial Institutions Examination Council (FFIEC) prescribes the stringent formation regulations that help guide credit unions’ information security practices. To its credit, the FFIEC also provides ample materials that both inform credit unions and can serve as the backbone of a rock-solid security plan.
Key components of a strong information security strategy often include:
Clearly Defined Roles and Responsibilities — To mitigate risks, credit unions set up limitations on access and on the ability to perform unauthorized actions. From board members and managers to full-time employees and interns, everyone with access to the network should have only the amount of access they absolutely need.
Multiple Layers — “Financial institutions should design multiple layers of security controls to establish several lines of defense between the attacker and the asset being attacked,” according to the FFIEC.
Standards for Third Parties — Along with developing high-quality internal security procedures, it’s important for credit unions to establish and uphold reasonable standards for third parties. One information security misstep by an ancillary service provider can be disastrous for the organization.
Consistent Threat Assessments and Penetration Testing — Frequent, vigorous threat assessments and penetration testing by an outside source helps determine the strength of a credit union’s core infrastructure and various security technologies and processes.
Employee Training Sessions — Employees are the most frequent cause of information breaches, ranging from accidental errors to purposeful collaboration with hackers outside the company. Security training sessions and awareness programs are essential for educating employees about common security pitfalls and for deterring malicious activity.
Cloud-Based Support — Cloud-based support such as perimeter scanning, vulnerability testing, intrusion protection, secure wireless access, content filtering and usage monitoring is a valuable, cost-effective addition to the foundations of a credit union’s network architecture.
Overall, it takes vigilance on a variety of levels to improve information security for credit unions and, ultimately, their members.
In an industry long dominated by reward programs and new enrollee gifts, the world of member loyalty among credit union members truly is mirroring the progression of technology. The deeper that credit union managers dive into emerging applications and cloud-based tools, the more opportunities they’re discovering to create loyal members.
These days, just about everything is easier than it used to be. From purchasing music and renting movies to renewing automobile registration, cloud-based services are revolutionizing customer experiences across a multitude of industries.
Credit unions are no exception. Members are increasingly accustomed to going online to check their balance, transfer money and much more. In a world that is seemingly more fast-paced with each passing year, any service that helps people spend less time doing errands and more time enjoying life is a welcome tool.
As cybersecurity best practices and well-publicized breaches garner more and more attention, individuals and families are less likely than ever to choose and stay with a financial institution that they don’t consider highly secure. With people’s financial well-being stake, it’s understandable.
In fact, according to one recent study, 49 percent of respondents cited security concerns as an obstacle preventing them from increasing their use of online and mobile channels.
Credit unions are put through rigorous compliance steps, but every added layer of security helps keep an institution out of the news and in its members’ good graces. Many companies are leveraging technology partners and cloud-based services to build strength and safety.
Another aspect of peace of mind among members is trust that if a disaster strikes, their information will remain safe and accessible — and not a month later. Virtually no length of service disruption is considered acceptable.
With cloud-based software that provides failover from one cloud to another, credit unions can recover services in minutes rather than hours or even days it likely would take otherwise.
Gone are the days when the word “cloud” was new and somewhat unsettling to consumers. In 2016, people understand that cloud-based services are making their lives easier — and credit unions are realizing that effective technologies create loyal members.
Regardless of the industry, cybersecurity is becoming more important with each passing day. More and more enticing information is being stored digitally and shared via the Internet. Malicious attacks are increasingly covert and advanced. Deviant hackers are constantly innovating new schemes, making data breaches more common and potentially disastrous.
For financial institutions such as credit unions, the risks and potential ramifications of data breaches are more serious than in any other industry. Here are three reasons why cybersecurity should be top of mind for credit unions:
A National Association of Federal Credit Union survey in 2015 unearthed a handful of alarming cybersecurity statistics, including:
Costly data breaches such as the incidents at Target and at Home Depot not only grab headlines, but show that cybersecurity challenges are not going away anytime soon. The Wendy’s breach earlier this year seems to have hit credit unions particularly hard.
President Barack Obama and his administration have noticed, too. Obama’s recent Cybersecurity National Action Plan calls for a 35 percent increase in planned federal cybersecurity spending.
Considering the clear financial ramifications of data breaches, the National Credit Union Administration’s focus on strengthening its cybersecurity examinations makes perfect sense. But that realization alone doesn’t make the work that lies ahead for credit unions any easier.
The modern-day credit union needs to be prepared for questions about everything from electronic banking to information security programs and website compliance.
Credit unions can get ahead of the curve on these exams by benefiting from the NCUA’s hub of cybersecurity resources. Helpful tools include:
As the costs associated with high-end security technologies continue to soar, as does the need for information protection, the pressure mounts on credit union executives and managers to keep their networks cost-effective.
For example, a credit union with next-generation firewall technology can identify advanced malware and other malicious threats before they enter the network — adding a protective layer to the east-west data traffic that moves between machines and devices within a network. This is vital because 75 percent of all traffic in a typical network is of the east-west variety.
Unfortunately, next-gen firewalls with north-south (traffic that leaves and/or enters your network) and east-west capabilities typically require a minimum investment of $50K for software and hardware.
However, with innovative use of available security resources, credit union managers are finding ways to solidify security well within the scope of their budget. Solutions such as CUProdigy, a CUSO, that blend traditional network architecture with forward-thinking cloud platforms are making next-generation security much more attainable throughout the industry.
For credit unions, core conversions are the elephant in the room. It’s something the industry wants to avoid, largely because of associated costs, but that often needs to be done. But how do you know when a core conversion is necessary?
Here are 5 signs it’s time for a core conversion at your credit union:
The more outdated a credit union’s core software is, the more frequently the team will be prompted to download and install updates. In some cases employees are asked to check for these updates on a regular basis. Sometimes the updates end up being extremely important, such as solutions to major problems or bugs.
Core software updates can be cumbersome and time-intensive, and sometimes they simply don’t work — especially when the employee running the update doesn’t understand the process.
The best way to reduce the frequency of and boost the efficiency of required updates, ensure that software runs more smoothly, and bolster network security, is to make sure your credit union’s core software is a modern solution.
When a credit union’s core processor woes escalate from a mild nuisance to a hindrance to employee satisfaction, it’s time for a change — especially when the sentiment is pervasive throughout the organization.
When everyone from member-facing employees to upper management are having their essential duties disrupted on a regular basis, your credit union likely needs to begin researching first steps toward a core conversion.
There are a variety of ways in which core providers often do a disservice to credit unions. Some providers reduce support staff to such an extent that credit unions are negatively affected. Sometimes failure to meet expectations, fulfill promises or meet deadlines becomes a pattern. Even while the level of service by a core provider wanes, often costs soar.
When the price of core services clearly no longer matches what your credit union is receiving in return, a core conversion should be considered.
Many credit unions make the intelligent decision to schedule their core conversion to coincide with the rollout of new products and services aimed at improving member loyalty and satisfaction.
Whether changing the entire core system or deploying impressive new technologies to keep clients and employees happy, ups and downs are expected throughout the process. Working out these kinks all at once instead of at multiple junctures is the most prudent, time-efficient and cost-effective approach.
Every credit union ultimately answers to its members, whose experiences are made worse by trends such as:
On the back end of an outdated core system, credit union employees feel the pain with every cost-ineffective move they make. On the front end, community members certainly notice when their member experience fails to meet modern-day expectations.
That’s when it’s time for a core conversion.
CUProdigy is in the unique position to help Credit Unions ‘Advance Beyond’ by providing a core processing platform that puts the member experience first. CUProdigy empowers credit unions with a comprehensive solution that is both robust and scalable.
Small organizations w/ less than 100 employees [like CUs] were Disaster Recovery as a Service (DRaaS) early adopters. ~Gartner