NAFCU Services Blog

Risk Management Nov 15, 2019 by DefenseStorm

Part 3: An Executive’s 3-Point Checklist for Cybersecurity

By Steve Soukup, Chief Revenue Officer, DefenseStorm

In Part 2 of this series, we talked about establishing an information security policy, business continuity plan, and incident response plan.

Here, we’re going to talk about the third and final point on your checklist for cybersecurity: establishing a new way of thinking. You can’t be cybersecure without being cybercompliant. Credit unions are held to a higher regulatory standard than other industries; therefore, it’s important to understand the baseline expectations and strive to evolve beyond them. There are multiple tools and manual processes available, which can be complex and resource-intensive, so be prepared. And remember, people are the weakest link and the strongest defense, so be sure to identify ways to strengthen your security culture.

Let’s review.

To get started on your cybersecurity journey, start with educating and testing your team. Make sure they have copies of the policies you have in place and ensure they understand them, especially fundamentals such as email and internet usage.

Then, get prepared: create or verify your credit union’s written information security policy, business continuity plan, and incident response plan. Consider hiring a 3rd party for vulnerability assessment and penetration testing.

Lastly, meet with your Board of Directors to discuss expectations, strategies and investments. Cybersecurity is a broad topic, but using the frameworks and tools outlined above can be helpful in taking the mystery out of it.

Download the 3-Point Checklist for Cybersecurity to stay ahead of bad actors.
