These days, it’s no longer about “if” information security is a top priority for credit unions. It’s more a matter of “how” to improve information security amid a culture of ever-evolving malicious attacks and innovative tactics of cyber malfeasance.
Rather than one all-encompassing fix or singular technology, information security (also known as InfoSec) involves the strategies and tools used to detect and prevent breaches that threaten valuable data, such as customer information. Anyone working in a credit union IT department is familiar with the concept, but it’s essential for IT professionals to keep up with the trends and emerging technologies as data attackers persist and adapt.
Credit unions often are tasked with making things right for their members after a data breach occurs at a major retailer, restaurant or the like. That said, credit unions also must be vigilant about their own information security.
“Cyber security is a critical issue for credit unions, as some institutions have faced denial of service attacks, in addition to other cybercrimes that threaten to compromise the financial information of their members, especially with the growth of online commerce and banking,” according to the National Association of Federal Credit Unions’ 2015 Report. The NAFCU is calling for credit unions and other financial institutions to work together to combat security breaches.
A big reason for industry concern is fear among members. According to a October 2014 survey of NAFCU members, more than 60 percent of responding credit unions had been contacted by their members with questions about cyber security.
The Federal Financial Institutions Examination Council (FFIEC) prescribes the stringent formation regulations that help guide credit unions’ information security practices. To its credit, the FFIEC also provides ample materials that both inform credit unions and can serve as the backbone of a rock-solid security plan.
Key components of a strong information security strategy often include:
Clearly Defined Roles and Responsibilities — To mitigate risks, credit unions set up limitations on access and on the ability to perform unauthorized actions. From board members and managers to full-time employees and interns, everyone with access to the network should have only the amount of access they absolutely need.
Multiple Layers — “Financial institutions should design multiple layers of security controls to establish several lines of defense between the attacker and the asset being attacked,” according to the FFIEC.
Standards for Third Parties — Along with developing high-quality internal security procedures, it’s important for credit unions to establish and uphold reasonable standards for third parties. One information security misstep by an ancillary service provider can be disastrous for the organization.
Consistent Threat Assessments and Penetration Testing — Frequent, vigorous threat assessments and penetration testing by an outside source helps determine the strength of a credit union’s core infrastructure and various security technologies and processes.
Employee Training Sessions — Employees are the most frequent cause of information breaches, ranging from accidental errors to purposeful collaboration with hackers outside the company. Security training sessions and awareness programs are essential for educating employees about common security pitfalls and for deterring malicious activity.
Cloud-Based Support — Cloud-based support such as perimeter scanning, vulnerability testing, intrusion protection, secure wireless access, content filtering and usage monitoring is a valuable, cost-effective addition to the foundations of a credit union’s network architecture.
Overall, it takes vigilance on a variety of levels to improve information security for credit unions and, ultimately, their members.
In an industry long dominated by reward programs and new enrollee gifts, the world of member loyalty among credit union members truly is mirroring the progression of technology. The deeper that credit union managers dive into emerging applications and cloud-based tools, the more opportunities they’re discovering to create loyal members.
These days, just about everything is easier than it used to be. From purchasing music and renting movies to renewing automobile registration, cloud-based services are revolutionizing customer experiences across a multitude of industries.
Credit unions are no exception. Members are increasingly accustomed to going online to check their balance, transfer money and much more. In a world that is seemingly more fast-paced with each passing year, any service that helps people spend less time doing errands and more time enjoying life is a welcome tool.
As cybersecurity best practices and well-publicized breaches garner more and more attention, individuals and families are less likely than ever to choose and stay with a financial institution that they don’t consider highly secure. With people’s financial well-being stake, it’s understandable.
In fact, according to one recent study, 49 percent of respondents cited security concerns as an obstacle preventing them from increasing their use of online and mobile channels.
Credit unions are put through rigorous compliance steps, but every added layer of security helps keep an institution out of the news and in its members’ good graces. Many companies are leveraging technology partners and cloud-based services to build strength and safety.
Another aspect of peace of mind among members is trust that if a disaster strikes, their information will remain safe and accessible — and not a month later. Virtually no length of service disruption is considered acceptable.
With cloud-based software that provides failover from one cloud to another, credit unions can recover services in minutes rather than hours or even days it likely would take otherwise.
Gone are the days when the word “cloud” was new and somewhat unsettling to consumers. In 2016, people understand that cloud-based services are making their lives easier — and credit unions are realizing that effective technologies create loyal members.
For credit unions, core conversions are the elephant in the room. It’s something the industry wants to avoid, largely because of associated costs, but that often needs to be done. But how do you know when a core conversion is necessary?
Here are 5 signs it’s time for a core conversion at your credit union:
The more outdated a credit union’s core software is, the more frequently the team will be prompted to download and install updates. In some cases employees are asked to check for these updates on a regular basis. Sometimes the updates end up being extremely important, such as solutions to major problems or bugs.
Core software updates can be cumbersome and time-intensive, and sometimes they simply don’t work — especially when the employee running the update doesn’t understand the process.
The best way to reduce the frequency of and boost the efficiency of required updates, ensure that software runs more smoothly, and bolster network security, is to make sure your credit union’s core software is a modern solution.
When a credit union’s core processor woes escalate from a mild nuisance to a hindrance to employee satisfaction, it’s time for a change — especially when the sentiment is pervasive throughout the organization.
When everyone from member-facing employees to upper management are having their essential duties disrupted on a regular basis, your credit union likely needs to begin researching first steps toward a core conversion.
There are a variety of ways in which core providers often do a disservice to credit unions. Some providers reduce support staff to such an extent that credit unions are negatively affected. Sometimes failure to meet expectations, fulfill promises or meet deadlines becomes a pattern. Even while the level of service by a core provider wanes, often costs soar.
When the price of core services clearly no longer matches what your credit union is receiving in return, a core conversion should be considered.
Many credit unions make the intelligent decision to schedule their core conversion to coincide with the rollout of new products and services aimed at improving member loyalty and satisfaction.
Whether changing the entire core system or deploying impressive new technologies to keep clients and employees happy, ups and downs are expected throughout the process. Working out these kinks all at once instead of at multiple junctures is the most prudent, time-efficient and cost-effective approach.
Every credit union ultimately answers to its members, whose experiences are made worse by trends such as:
On the back end of an outdated core system, credit union employees feel the pain with every cost-ineffective move they make. On the front end, community members certainly notice when their member experience fails to meet modern-day expectations.
That’s when it’s time for a core conversion.
Technology is constantly changing before our eyes—even missing a few weeks of tech news could contain the latest info on the development of flying cars, or a sneak peek of Sony’s new gaming console. We’re in a similar situation with the software running on our desktops, phones, and tablets; they are constantly changing.
Update notifications are all around us, but why? In most cases, the changes are just improvements to existing features. However, sometimes updates fix major problems and bugs, and they’re implemented to improve the stability and security of the application or program, which makes you think twice about ignoring the notifications.
Credit unions experience these updates to their core software on a regular basis; however, if a credit union is using old core software, these “updates” can be a real pain. Updates require users to download and install the changes, which takes time. It’s also standard procedure to manually check for updates, which is cumbersome in and of itself. In addition, software updates take up space on the server, and if users fail to install, their credit union will suffer.
Ignoring updates may prevent customer data from remaining secure or reliable. The older the software, typically the less developers are interested in upkeep and maintenance. The original developers may not even be working on the software anymore to develop necessary security patches that keep cores safe. Given the sensitivity of the data stored in credit unions’ core software, data can’t afford to be compromised.
Another problem with running old core software is that credit unions may run into compatibility issues with newer technology. As credit unions continue to invest in more recent technology, they may find that an out-of-date core creates compatibility concerns as systems don’t match up.
For those in the credit union industry, efficiency is key. Utilizing old core software means that features and functionality won’t be as proficient as they could be—ultimately hurting productivity.
New software tends to offer users more options and more opportunities to customize to meet their specific needs. Older cores remain less flexible, meaning that the user interface isn’t as navigable or effective.
Inadequate Disaster Recovery
Without a plan in place, credit unions with old core software may find themselves in a real predicament when disaster strikes or their server crashes. Where will data be stored and will there be any potential data loss? How long will it take before data can be accessed? If the answers to these questions are: yes, there may be data loss, and it may take longer than even a few hours to access, credit unions can expect to have some very frustrated members.
Poor (or No) Customer Service
A solid support staff is key to any great business—software shouldn’t be any different. Old cores may have a limited customer service staff to rely on, or even worse, none at all. So where do credit unions turn for technical assistance? Old developers? In-house IT staff?
At the end of the day, an out-of-date core at your CU prevents you from providing an efficient tool to employees and offering a secure product to members. Having current core software is the bottom line—and it’s vital to the bottom line of your credit union. Not only is your data more secure and reliable with a current core, but credit union employees will be more productive and efficient with core software that runs smoothly. This ultimately translates into great service and improved member satisfaction, which is what it’s all about.
You know those times when you’re working on something real important? Your eyes are glued to that computer screen and your fingers are furiously clicking away at your keyboard as that ominous deadline approaches. It mocks your desperate plea for more time as it creeps up with undeterred determination. Then it happens.
The blue screen of death appears. You know what we’re talking about—your computer just froze and you haven’t saved in hours.
You pray that with a restart, a recovered document will appear. But what if doesn’t? Back to square one.
Yet, what if getting back to square one isn’t quite that simple? The same hopelessness can be felt among credit unions without an adequate disaster recovery plan, except they’ll have a lot of frustrated members to deal with, not just self wallowing because they didn’t hit save.
This could have been the case for Pocatello Teachers Federal Credit Union (now ISU Credit Union). This $17M CU started a June day just like any other—then their core software server stopped working unexpectedly and all access to the system ceased.
With the CU manager at lunch, the rest of the staff started gearing up to deal with the most pressing issues—hand-writing receipts and dealing with members who were understandably less than happy with the situation.
When staff reached Credit Union CEO, Melanie DeLashmutt, on her lunch break, her initial concerns centered on the potential loss of data and accommodating potentially irritated members. Turning to her data processor for help, she immediately called us.
DeLashmutt asked for our assistance with the situation. With a little diagnosis from our support team, it became clear that the server was the problem. CUDP then contacted the manufacturer, and although the system was under warrantee support, the manufacturer indicated that it still might take several days to diagnose and resolve the problem.
Unlike a frozen computer, how do you deal with the potential loss of an entire credit union’s data? What’s more, how do you deal with the challenge of putting a credit union’s business on hold for two to three days? Well, you turn to your disaster recovery plan and hope that the time, effort and money you put into it will now pay dividends.
Fortunately for Pocatello Teachers FCU, CUDP offers, as an available support feature, one of the very best disaster recovery systems in the industry for a very nominal cost. Even though Pocatello Teachers FCU operates an ‘in-house’ deployment of CUDP’s processing system, CUDP replicates all of their credit union’s data to two additional off-site locations, in real time. Once CUDP had been made aware of the situation, they quickly invoked the disaster recovery plan and setup an access to the replicated data at one of the off-site locations. Within 45 minutes of receiving the call, CUDP had established a secure connection for Pocatello Teachers to their replicated data and the credit union was back to business as normal without losing any transactions.
In retrospect, CEO Melanie DeLashmutt, stated “When our server crashed, I feared the worst—lost data, angry and frustrated members, irritated employees, etc. But CUDP had us up and running in less than an hour—with absolutely no data loss. It was really quite amazing!” DeLashmutt went on to add that in all her years in the credit union industry, she had never experienced anything like it.
Hit the save button for your credit union—invest in a comprehensive disaster recovery solution.
Change is good. Change is exciting and optimistic, but change can also be worrisome, stressful, and disconcerting to say the least. A client of ours recently experienced the range of emotions that comes with any change as they converted to our CUProdigy Core Processing System.
Idaho State University Credit Union, which possesses about $130 million in assets, made the transition to our core software earlier this month. In addition to converting to a new core, ISUCU simultaneously merged the members and assets of Pocatello Teacher’s Credit Union as well. Though this was a daunting task for everyone involved, this undertaking was successful due to excellent cooperation and teamwork from the staff at Idaho State University CU and the CUDP conversion team.
Idaho State University Credit Union CEO, Robert Taylor, praised the recent conversion: “Good job and thanks to everyone for their diligence in helping our members this week during the conversion. If this was your first core system conversion, you may not fully appreciate just how well this conversion went. …this was by far the easiest conversion I have ever experienced…my hat’s off to CUDP for how quickly they responded to unforeseen errors that were fixed immediately.”
As a leading provider of credit union software and support, we are excited to add ISUCU and their entire staff to our CUSO. It is our main goal to successfully bring new credit unions onto the CUProdigy System and watch as they offer improved member experience and increase their level of service. Across the board, change proved to be a good thing– this conversion was a total success!
-Craig Peterson, Director of Marketing, CUDP
Late 2012 brought Hurricane Sandy to the shores of the east coast. This catastrophe made a huge impact on the New York area, causing people to lose power for days. Another consequence of this outage was the effect on the credit union branches in the area. Many members lost access to their accounts, and more than 14,000 did not get their usual paycheck deposits in time to pay bills. Truth is, these disasters can strike anytime, which is why it’s vital to be prepared.
Robert McGarvey of the Credit Union Times stated shortly after Hurricane Sandy that “every credit union needs a disaster recovery plan.” We couldn’t agree more, which is why disaster recovery is something that has been our focus from the very beginning. When we started developing our latest core processing software, we did it with the mindset that disasters are always an unexpected event, so the only way to be fully prepared is with an adequate disaster recovery system.
We knew that a DR system needed to be reliable, yet realistic in the face of disaster. Our CUProdigy system provides access to CU information within 45 minutes from any computer that can get an Internet connection. Once connected, every keystroke is replicated in five locations in real time. Between these backup sites, at least one location is more than 100 miles from the credit union, ensuring the safety and protection of your information.
To us, providing this type of reliability and dependability in a core solution is the only way to protect your credit union from those unexpected events. In the event that your credit union is disrupted, you and your members can rest assure as they can continue to make transfers, receive direct deposit, or make a change to their account. Since all of our backups are accessed through the browser, setting up a temporary teller station at a secure location is quick and easy. This type of security is what builds trust to members.
We are all familiar with the phrase, “You get what you pay for.” In other words, the more you pay for something, the better the quality should be. But is it true?
The answer to that question is typically, yes. However, are there some situations where you can get a lot, for less than you thought? If you answered no, then please read on.
When it comes to purchasing a core platform for a credit union, the expenses are always going to be of concern. Not only does the solution need to be purchased, but the hardware (servers, work stations, etc.) requirements can sometimes be as much as the software.
At CUDP we set out to change this. We built our CUProdigy core solution from the ground up with the credit unions in mind, and here’s how:
So, let me ask the question again: are there some situations where you can get a lot for paying less? The answer is yes. Our core solution is here to reduce your costs while still providing a high quality product that provides all of the functionality you need at your credit union. How’s that for a good deal?
CUProdigy is in the unique position to help Credit Unions ‘Advance Beyond’ by providing a core processing platform that puts the member experience first. CUProdigy empowers credit unions with a comprehensive solution that is both robust and scalable.