Feb. 21, 2013 – NCUA released guidance Wednesday to help credit unions effectively address cybersecurity threats, a key focus of NAFCU’s five-point plan for credit union regulatory relief.
NAFCU’s five-point plan calls on Congress to take a 21st century approach to data security. Specifically, it is pressing for national standards on data security, liability if such standards are not met and immediate notification to financial institutions and their account holders when breaches occur.
NCUA 13-Risk-01 discusses risk mitigation measures and how to monitor for threats of Internet-based outages, including distributed denial-of-service attacks and other cyber crimes. NCUA is also encouraging credit unions to voluntarily file a suspicious activity report in the event of a DDoS attack and participate in information-sharing organizations, including industry trade groups and the Financial Services Information Sharing and Analysis Center.
The president has called on Congress to do more on cybersecurity. Meanwhile, he has signed an executive order that addresses information sharing, privacy and the development of voluntary standards with industry partners. In connection with that order, the National Institute of Standards and Technology is developing a cybersecurity framework that would involve voluntary standards. (Get the full description and submit comments here.)
NCUA’s guidance directs credit unions hit by DDoS or other cyber-terror attacks to notify their NCUA regional office or state supervisory authority. Credit unions must also follow notification procedures outlined in NCUA Rules and Regulations Part 748 Appendix B, Response Programs for Unauthorized Access to Member Information when applicable.
NAFCU is urging credit unions to take the appropriate steps to be prepared for cyber attacks. Those will be addressed Feb. 26-18 during NAFCU’s Technology and Security Conference in Austin, Texas. Register today.