Newsroom
FFIEC guidance, layered security detailed for CUs
Romes explained key points in the FFIEC's recent guidance on online authentication. – NAFCU photo |
Dec. 15, 2011 – Periodic risk assessments addressing the online threat environment are a major focus of the Federal Financial Institutions Examination Council's latest guidance for authentication of those accessing accounts online, NAFCU webcast participants learned Wednesday.
The webcast, which featured computer security expert Randy Romes of LarsonAllen LLP, provided credit unions with an in-depth look at FFIEC guidance issued June 27. The guidance takes effect Jan. 1.
Romes discussed some of the risks tied to online accounts.Phishing and malware attacks, for example, are one way criminalsobtain members' usernames and passwords, which can then be usedto conduct wire transfers from members' accounts. To help combat this and other current online scams, the guidance says credit unions should conduct risk assessments each time there is a change in vendor or procedure related to their online systems. "It's an ongoing process," Romes said. He added the guidance also stresses the importance of using multiple factors and layering security methods for authenticating access to online systems.
Simple challenge questions are no longer acceptable as the only authentication method because it is too easy to get member information from websites such as Facebook or LinkedIn.com, he said.
Romes also highlighted the importance of educating credit union members about current online threats and encouraging business account holders to periodically check their end of the payments system for vulnerabilities.
Wednesday's webcast will be available on demand for six months. Romes will discuss the FFIEC guidance in greater detail at NAFCU's 2012 Technology and Security Conference set for Feb. 14-16 in Las Vegas. Early registration discounts for the conference end Jan. 6. Credit unions can also look forward to the January/February 2012 issue of The Federal Credit Union magazine for an article on the topic.
Share This
Related Resources
Resiliency In Your Incident Response Plan
Cybersecurity
preferred partner
DefenseStorm
Blog Post
The Bottom Line on Insurance Tracking and Collateral Protection
Strategy
preferred partner
Allied Solutions
Blog Post
Add to Calendar 2024-04-15 09:00:00 2024-04-15 09:00:00 Mergers and Acquisitions: Unifying Two Different Executive Total Compensation and Benefits Programs Listen On: Key Takeaways: [03:50] With the merger of a smaller credit union into a larger one you are really only dealing with integrating staff into the larger credit union. [05:53] When working with a merger of equals we start with a deep dive into the executive compensation and benefits of each organization. [09:09] If your current executive benefits provider doesn’t conduct regular plan evaluations, consider having a plan audit anyway. [13:46] Don’t overpay for these things if you don’t have to. When you have more options available that means the cost is more appropriate. [17:11] It is in a unified organization’s best interest to do tier timelines where we look at your top executives who are critical to the unified organization’s success today and then slowly add in the next levels. Web NAFCU digital@nafcu.org America/New_York public
Mergers and Acquisitions: Unifying Two Different Executive Total Compensation and Benefits Programs
preferred partner
Gallagher
Podcast
Add to Calendar 2024-04-11 14:00:00 2024-04-11 14:00:00 Regulation E: Impacts Across Your Institution Dive into regulatory excellence with, Regulation E: Impacts Across Your Institution. This webinar is tailored to empower you with the knowledge and strategies necessary to effectively implement the Electronic Funds Transfer Act (EFTA) and Regulation E within your operations. You’ll explore how to apply Regulation E across various business areas to ensure compliance obligations are met with precision. Key Takeaways Learn the basics of EFTA and Regulation E Understand how to apply Regulation E at your organization to detect processes and transactions that require Regulation E compliance Discover how Regulation E may apply to a large breath of areas in your institutions and functions for which you may rely on third-party vendors Review recent enforcement activity for non-compliance with EFTA and Regulation E Register Now $295 Members | $395 Nonmembers(Additional $50 for USB)One registration gives your entire team access to the live webinar and on-demand recording until April 11, 2025Go to the Online Training Center to access the webinar after purchase » Who Should Attend NCCOs NCRMs Compliance and risk titles Education Credits NCCOs will receive 1.0 CEUs for participating in this webinar NCRMs will recieve 1.0 CEUs for participating in this webinar Web NAFCU digital@nafcu.org America/New_York public
Regulation E: Impacts Across Your Institution
Credits: NCCO, NCRM
Webinar
Get daily updates.
Subscribe to NAFCU today.