WESTBURY, N.Y. (7/16/14)--Unless the goal of protecting sensitive data is paramount to a credit union's operation, it's likely not doing enough, according to a new white paper released Tuesday by the CUNA Technology Council.
The paper discusses the importance of financial institutions making cybersecurity a top priority, while also outlining the value of educating members, protecting their information, communicating effectively should a breach occur and understanding cybersecurity laws and regulations.
Called "Cybersecurity Preparedness: Taming the Shock and Awe of Big Breaches," it's the first white paper in a series of four scheduled for 2014 dedicated to security.
"These big security leaks show we need to take cybersecurity preparedness seriously and do more," said Kevin Prince, principal technology strategist for D+H Compushare, a CUNA Strategic Services alliance provider. "You'll never be 100% secure, but you have to manage it as carefully as possible with the appropriate tools."
The paper first calls on Bill Podborny, chief security officer of $8.2 billion-asset Alliant CU in Chicago, to describe "cybersecurity preparedness." Podborny believes to be prepared means identifying vulnerabilities, understanding where attacks may come from, taking steps to lessen or eliminate exposure and being prepared to respond to any situation as quickly as possible.
Authors of the paper illustrate how to make cybersecurity preparedness a core function of the credit union with examples of what credit unions are already doing to keep security strong.
At Michigan Tech Employees FCU, Houghton, Mich., with $60 million in assets, for example, leaders have dedicated resources that work specifically to bolster security, an action recommended by many U.S. regulatory bodies.
"At a certain point it makes sense to separate these departments to ensure security resources don't diminish in times when the IT department is fighting for the same resources," said Justin Store, information technology services director at Michigan Tech Employees FCU.
Finally, to strengthen cybersecurity, Prince suggests credit unions should:
- Realize what they're doing today likely isn't adequate, and won't be adequate tomorrow, as threats are constantly shifting and changing;
- Conduct regular and thorough cybersecurity risk assessments and document the findings;
- Mitigate risks as much as possible;
- Stay on top of current threats and future trends in cybersecurity; and
- Consider outsourcing to a community cloud arrangement for IT cybersecurity.
To download the white paper, use the link.