These days, it’s no longer about “if” information security is a top priority for credit unions. It’s more a matter of “how” to improve information security amid a culture of ever-evolving malicious attacks and innovative tactics of cyber malfeasance.
Rather than one all-encompassing fix or singular technology, information security (also known as InfoSec) involves the strategies and tools used to detect and prevent breaches that threaten valuable data, such as customer information. Anyone working in a credit union IT department is familiar with the concept, but it’s essential for IT professionals to keep up with the trends and emerging technologies as data attackers persist and adapt.
Why InfoSec for Credit Unions Matters More Than Ever
Credit unions often are tasked with making things right for their members after a data breach occurs at a major retailer, restaurant or the like. That said, credit unions also must be vigilant about their own information security.
“Cyber security is a critical issue for credit unions, as some institutions have faced denial of service attacks, in addition to other cybercrimes that threaten to compromise the financial information of their members, especially with the growth of online commerce and banking,” according to the National Association of Federal Credit Unions’ 2015 Report. The NAFCU is calling for credit unions and other financial institutions to work together to combat security breaches.
A big reason for industry concern is fear among members. According to an October 2014 survey of NAFCU members, more than 60 percent of responding credit unions had been contacted by their members with questions about cyber security.
How to Improve Credit Union Information Security
The Federal Financial Institutions Examination Council (FFIEC) prescribes the stringent information regulations that help guide credit unions’ information security practices. To its credit, the FFIEC also provides ample materials that both inform credit unions and can serve as the backbone of a rock-solid security plan.
Key components of a strong information security strategy often include:
Clearly Defined Roles and Responsibilities — To mitigate risks, credit unions set up limitations on access and on the ability to perform unauthorized actions. From board members and managers to full-time employees and interns, everyone with access to the network should have only the amount of access they absolutely need.
Multiple Layers — “Financial institutions should design multiple layers of security controls to establish several lines of defense between the attacker and the asset being attacked,” according to the FFIEC.
Standards for Third Parties — Along with developing high-quality internal security procedures, it’s important for credit unions to establish and uphold reasonable standards for third parties. One information security misstep by an ancillary service provider can be disastrous for the organization.
Consistent Threat Assessments and Penetration Testing — Frequent, vigorous threat assessments and penetration testing by an outside source help determine the strength of a credit union’s core infrastructure and various security technologies and processes.
Employee Training Sessions — Employees are the most frequent cause of information breaches, whether through accidental errors or purposeful collaboration with hackers outside the company. Security training sessions and awareness programs are essential for educating employees about common security pitfalls and for deterring malicious activity.
Cloud-Based Support — Cloud-based support such as perimeter scanning, vulnerability testing, intrusion protection, secure wireless access, content filtering and usage monitoring is a valuable, cost-effective addition to the foundations of a credit union’s network architecture.
Overall, it takes vigilance on a variety of levels to improve information security for credit unions and, ultimately, their members.