Cybersecurity Compliance

Cybersecurity is a systemic risk that affects all levels of business, government and ordinary people. It is such a high risk area for credit unions that the National Credit Union Administration (NCUA) placed cybersecurity as a top focus for exams. As the cybersecurity world continues to evolve, it's important that your credit union is prepared for possible threats. Be proactive and shield your credit union from the ever-changing cybersecurity universe now.

Below you'll find credit union resources for cybersecurity compliance, including an interactive cybersecurity assessment tool, insightful blog posts, articles and webcasts, to help you stay on top of this evolving issue.

Resources marked by * are member-only. If you are not a NAFCU member, learn more about membership.

Charts & Guides

• NAFCU FFIEC Cybersecurity Assessment Tool Workbook* (Updated 3/5/18)
  An editable, self-tallying file that allows credit unions to self-test cyber risk and readiness in a shareable format with a visual result.
• [SAMPLE] NAFCU FFIEC Cybersecurity Assessment Tool Workbook
  Not a NAFCU member? Download a sample workbook to calculate your credit union's inherent risk profile for delivery channels and cybersecurity maturity for threat intelligence and collaboration.
• FinCEN Cyber Threats Advisory (October 25, 2016)
• FinCEN FAQs Regarding the Reporting of Cyber-Events, Cyber-Enabled Crime, and Cyber-Related Information through Suspicious Activity Reports (October 25, 2016)

Articles

• The Before and After of the Equifax Breach*
• FFIEC 2016 Updates to the IT Handbook*
• Data Security Breaches at the Hands of Retailers, But at the Expense of Credit Unions: A Review of Current Litigation and Legislation*
• FFIEC Updates the Management Section of the IT Handbook*
• Getting a Head Start on Cybersecurity Exam Preparation*

NAFCU Compliance Blog Posts

• CFPB Issues Consumer Protection Principles on Data Sharing (November 13, 2017)
• Untangling Service Provider Breaches (October 13, 2017)
• After the Equifax Epic Data Breach Fail - What Next? (September 15, 2017)
• New York's DFS Final Cybersecurity Requirements – Will Others Follow? (July 28, 2017)
• Updated FFIEC Cybersecurity Assessment Tool (June 9, 2017)
• Hackers Access Billions of Records: Are your Members Protected? (April 7, 2017)
• Massive Cyberattack on Netflix and others; FFIEC Cybersecurity Assessment Tool FAQs; ANPR on Enhanced Cyber Risk Management Standards (October 26, 2016)
• FFIEC Statement on Risk Assessment and Controls for Interbank Messaging and Wholesale Payment Networks (June 13, 2016)
• Preparing for a Data Breach: Cybersecurity Factors Credit Unions Should Consider; CFPB's Updates to eRegulations (June 8, 2016)
• PCI DSS Version 3.2! (May 23, 2016)
• UDAAP Extends to Data Security (April 6, 2016)

Follow all Cybersecurity-related blog posts on The NAFCU Compliance Blog