While limited budgets and a lack of information technology (IT) resources often hinder what security products, services, and practices credit unions can put forth, a comprehensive security approach that bolsters defenses and ensures business and member data remains safe and compliant is not out of reach.
Budgets control many aspects of our business and personal lives, yet somehow we manage, right? Think of security as something you can achieve regardless of what you can spend on it and how many experts you have in your organizations that can dedicate mind share and energy to it.
Here are five considerations to help you inherit this mindset and achieve premier security:
1. Use your budget wisely
When looking for security products and services, seek out tools that can help with more than one of the bases you have to cover.
If you need a secure email hosting provider, for example, look for one that also ensures compliance of any communications traveling into or out of your organization.
2. Don’t be fooled by FUD—fear, uncertainty, and doubt
Many security vendors enforce scare tactics to convince you to buy the most expensive and up-to-date security tools. Some vendors even put forth FUD about what they deem to be inadequate solutions.
Don’t get caught in the mess and gossip. If you are working with a vendor that is not transparent with you when things go wrong—because they do—it may be time to reconsider that relationship.
As my SilverSky colleague Andrew Jaquith has said time and time again, vendors must foster ongoing, truthful communication and action when any issues occur: “Transparency is absolutely critical in building trust between customer and provider.”
3. Look for a partner in your security vendor
A 100% prevention-focused program won’t succeed in this age of sophisticated threats and evolving hacker methods.
Find a security vendor that offers 24/7/365 support from security experts who monitor threats and analyze all security alerts and incidents on your network.
4. Don’t underestimate your risk factor
Sure, you may be a small financial institution compared to some of the world’s largest banks. But the second you underestimate the level of risk your business faces is probably the moment a hacker breaks in and steals sensitive information.
Among the 925 financial institutions we evaluate in our semi-annual threat report, one of our mid-size credit union customers experienced the most security incidents in a six-month period—42 incidents in total.
Moreover, five of the top six organizations in terms of number of incidents were also credit unions; one large, two mid-size, and two small credit unions.
5. Collaborate across IT and other business units
IT and security departments should stay in constant communication with other business units.
Why? To ensure best practices are being exercised across the business and to make sure that performance and customers are not negatively affected by any projects taking place in IT.
One of our credit union customers shared with us that during a large IT overhaul project, he held regular meetings with representatives from each department to ensure they were up to speed on efforts to fulfill rigorous security and regulatory requirements while reducing the cost and time associated with achieving these goals.
Representatives from each business unit were responsible for updating colleagues in their departments and reporting back with questions, feedback, and/or concerns.