These days, it’s no longer about “if” information security is a top priority for credit unions. It’s more a matter of “how” to improve information security amid a culture of ever-evolving malicious attacks and innovative tactics of cyber malfeasance.
Rather than one all-encompassing fix or singular technology, information security (also known as InfoSec) involves the strategies and tools used to detect and prevent breaches that threaten valuable data, such as customer information. Anyone working in a credit union IT department is familiar with the concept, but it’s essential for IT professionals to keep up with the trends and emerging technologies as data attackers persist and adapt.
Credit unions often are tasked with making things right for their members after a data breach occurs at a major retailer, restaurant or the like. That said, credit unions also must be vigilant about their own information security.
“Cyber security is a critical issue for credit unions, as some institutions have faced denial of service attacks, in addition to other cybercrimes that threaten to compromise the financial information of their members, especially with the growth of online commerce and banking,” according to the National Association of Federal Credit Unions’ 2015 Report. The NAFCU is calling for credit unions and other financial institutions to work together to combat security breaches.
A big reason for industry concern is fear among members. According to an October 2014 survey of NAFCU members, more than 60 percent of responding credit unions had been contacted by their members with questions about cyber security.
The Federal Financial Institutions Examination Council (FFIEC) prescribes the stringent information regulations that help guide credit unions’ information security practices. To its credit, the FFIEC also provides ample materials that both inform credit unions and can serve as the backbone of a rock-solid security plan.
Key components of a strong information security strategy often include:
Clearly Defined Roles and Responsibilities — To mitigate risks, credit unions set up limitations on access and on the ability to perform unauthorized actions. From board members and managers to full-time employees and interns, everyone with access to the network should have only the amount of access they absolutely need.
Multiple Layers — “Financial institutions should design multiple layers of security controls to establish several lines of defense between the attacker and the asset being attacked,” according to the FFIEC.
Standards for Third Parties — Along with developing high-quality internal security procedures, it’s important for credit unions to establish and uphold reasonable standards for third parties. One information security misstep by an ancillary service provider can be disastrous for the organization.
Consistent Threat Assessments and Penetration Testing — Frequent, vigorous threat assessments and penetration testing by an outside source help determine the strength of a credit union’s core infrastructure and various security technologies and processes.
Employee Training Sessions — Employees are the most frequent cause of information breaches, ranging from accidental errors to purposeful collaboration with hackers outside the company. Security training sessions and awareness programs are essential for educating employees about common security pitfalls and for deterring malicious activity.
Cloud-Based Support — Cloud-based support such as perimeter scanning, vulnerability testing, intrusion protection, secure wireless access, content filtering and usage monitoring is a valuable, cost-effective addition to the foundations of a credit union’s network architecture.
Overall, it takes vigilance on a variety of levels to improve information security for credit unions and, ultimately, their members.
Regardless of the industry, cybersecurity is becoming more important with each passing day. More and more enticing information is being stored digitally and shared via the Internet. Malicious attacks are increasingly covert and advanced. Deviant hackers are constantly innovating new schemes, making data breaches more common and potentially disastrous.
For financial institutions such as credit unions, the risks and potential ramifications of data breaches are more serious than in any other industry. Here are three reasons why cybersecurity should be top of mind for credit unions:
A National Association of Federal Credit Unions survey in 2015 unearthed a handful of alarming cybersecurity statistics, including:
Costly data breaches such as the incidents at Target and at Home Depot not only grab headlines, but show that cybersecurity challenges are not going away anytime soon. The Wendy’s breach earlier this year seems to have hit credit unions particularly hard.
President Barack Obama and his administration have noticed, too. Obama’s recent Cybersecurity National Action Plan calls for a 35 percent increase in planned federal cybersecurity spending.
Considering the clear financial ramifications of data breaches, the National Credit Union Administration’s focus on strengthening its cybersecurity examinations makes perfect sense. But that realization alone doesn’t make the work that lies ahead for credit unions any easier.
The modern-day credit union needs to be prepared for questions about everything from electronic banking to information security programs and website compliance.
Credit unions can get ahead of the curve on these exams by benefiting from the NCUA’s hub of cybersecurity resources. Helpful tools include:
As the costs associated with high-end security technologies continue to soar, along with the need for information protection, the pressure mounts on credit union executives and managers to keep their networks cost-effective.
For example, a credit union with next-generation firewall technology can identify advanced malware and other malicious threats before they enter the network — adding a protective layer to the east-west data traffic that moves between machines and devices within a network. This is vital because 75 percent of all traffic in a typical network is of the east-west variety.
Unfortunately, next-gen firewalls with north-south (traffic that leaves and/or enters your network) and east-west capabilities typically require a minimum investment of $50K for software and hardware.
However, with innovative use of available security resources, credit union managers are finding ways to solidify security well within the scope of their budget. Solutions such as CUProdigy, a CUSO, that blend traditional network architecture with forward-thinking cloud platforms are making next-generation security much more attainable throughout the industry.
CUProdigy is in the unique position to help credit unions ‘Advance Beyond’ by providing a core processing platform that puts the member experience first. CUProdigy empowers credit unions with a comprehensive solution that is both robust and scalable.