Newsroom

August 16, 2012

Webcast highlights cyber security tips

Credit unions must have strong, well-defined policies in place for addressing cyber threats, and those policies must be applied to all vendors and business partners, computer security expert Randy Romes said in a NAFCU webcast Wednesday.

The webcast, "Security Incident Response: Lessons Learned," gave participants an overview of the current online threat environment and offered practical steps that can be taken to bolster security systems. Romes, a principal with consulting firm LarsonAllen LLP, led the discussion.

Romes noted a report from TrustWave Intrusion Analysis showing that 76 percent of compromised systems are managed by a third party. The study found that it can take sometimes as long as one and a half years before the attackers are detected. Once they infiltrate a system,attackers have little reason to think they will be detected, he said.

To better protect themselves from cyber attacks, Romes recommended that credit unions:

  • require vendor systems to be at least as secure as your own system;
  • manage and test wireless networks to ensure they are secure;
  • identify vulnerabilities and risks at each component of the mobile banking
    platform via a risk assessment;
  • implement centralized audit logging, analysis, and automated alerting capabilities; and
  • establish a defined incident response plan and procedures

The webcast will be available to view until Aug. 15, 2013. To access NAFCU's webcast archive and view a list of upcoming webcasts, visit NAFCU's webcast page.