3 Ways to Improve Your Credit Union’s Cybersecurity
By Bob Thibodeaux, Chief Information Security Officer, DefenseStorm
With increased digitization in everyday life, financial institutions know that strong cybersecurity is critical. Rapidly evolving technology and subsequent security measures must align, but how can credit unions do more to improve their cybersecurity maintenance?
1. Involve the Whole Organization. Years ago, anything related to technology siloed in the IT department. Now, everyone from risk teams, top-level management, and front-line employees needs to possess at least a general awareness of how criminals can infiltrate their systems. Structural changes and cross-team collaboration are necessary to continue cybersecurity improvements across a credit union’s entire network.
For example, a chief information security officer set up a VPN (virtual private network) for more employees of her bank to work from home when the coronavirus pandemic hit. As a part of the rollout, a multi-factor authentication upgrade was introduced, which she feared would cause substantial backlash. “I expected a lot more pushback from the team,” she said, “and got none. Everyone, including the displaced tellers, were receptive and understanding of the need for better remote access security.”
2. Keep on Top of Compliance. Cybersecurity implementation requirements have become clearer for credit unions. The Cybersecurity Assessment Tool created by the Federal Financial Institutions Examination Council provides guidelines to help credit unions determine their cybersecurity readiness, such as ability to identify and control causes of a cyberattack and ensure proper threat assessment. While the CAT framework itself is voluntary, ensuring your credit union is in compliance with it is an excellent start.
3. Use Rigor in Selecting Cloud Partners. As more financial institutions turn toward cloud-based services, the growth of cyberattacks aimed at the cloud has increased. One area in particular that has created major cybersecurity problems for financial institutions has been small fintech partners that could struggle to maintain cybersecurity compliance, or are not always transparent with clients. If your credit union plans to make the cloud a part of your business, vet them vigorously.
Credit unions must stay vigilant about cybersecurity and ensure everyone from staff to third-party vendors is on the same page when it comes to guidelines and regulations. As long as everything and everyone is kept up-to-date, you will have fewer reputation risk concerns, so you can carry on with serving your members.