Credit union leaders come together each year at the CUNA Governmental Affairs Conference (GAC) to share insights on advocacy, strategic trends, and the pulse of the industry.
During the 2016 CUNA GAC, we once again celebrated strong year-over-year national growth, with credit union memberships growing nearly 4% to 105 million, assets growing 6.5% to $1.23 trillion, and loans growing 10.4% to $808.7 billion, according to CUNA.
Clearly, new heights of achievement are looming. But at the same time, leaders must remember that continuous growth brings additional responsibilities.
While it is a privilege to deliver innovative services to an increasing number of members and communities, in this day and age, doing so requires a commitment to leveraging state-of-the-art information security.
When Ted Koppel spoke about cybersecurity preparedness during his keynote speech at this year’s CUNA GAC, some audience members were surprised by his candor.
In one of the more-sobering takeaways from his speech, Koppel warned leaders that “cyber intrusions are part of your life, whether you know it or not.”
Reactions to Koppel were wide-ranging and swift: some attendees were intrigued and others were shocked.
While not all will agree with his statements or choice of terms, it brought to my mind that as we continue to grow and foster member relationships, we must remind ourselves that there are myriad ways for credit unions to prevent, detect, and prepare for potential security breaches using contemporary technology.
To get started, here are three recommendations for obtaining additional insight on cybersecurity best practices.
1. Talk candidly with technology vendors
Technology vendors invest a great deal of time and resources on cybersecurity preparedness. In fact, current regulations mandate that vendors provide advanced and holistic safeguards to protect your member data.
You should always expect that vendors will deliver the highest level of security against breaches from domestic and international sources—and don’t be afraid to discuss this openly with them.
Vendors can also help you create and manage disaster preparedness plans that map out the credit union’s 360-degree response to any incident. In order to be effective, the plan needs to define immediate and longer-term objectives for operations and communications to ensure sustained confidence from regulators and members.
You should also train your management team and staff trained on how to respond to any such matter.
2. Consult NCUA on federal guidelines and standards
This tool can help C-level executives and board members assess their credit union’s current risk profile and determine how to manage such risk moving forward.
NCUA also provides access to the Center for Internet Security Critical Security Controls, which offers specific, actionable intelligence on how to stop malicious cyberattacks.
These controls were established by the National Security Agency’s elite “Red Team” and “Blue Team” in tandem with other top law enforcement organizations, so you can be sure these protocols are among the best of the best.
Credit unions also can access the three-part National Institute of Standards and Technology Special Publications’ subseries on cybersecurity guidelines and recommendations.
These robust security publications contain up to 40 years of progressive information technology security expertise, with up-to-date references on cloud-based technology and digital and mobile systems.
3. Consider outsourcing
For smaller and low-income credit unions, keeping up with the latest advances in cybersecurity can be a challenging task. These credit unions often have limited internal resources to dedicate to threat mitigation.
With this in mind, outsourcing mission-critical systems to an established application service provider (ASP) can help reduce overall cost and risk.
The ASP model shifts most of the daily burden onto technology providers that have expertise in cybersecurity preparedness. Qualified providers will have the resources and talent to ensure your credit union receives best-in-class, around-the-clock protection and backup against malicious threats, often at a lower cost than handling this in-house.
Overseeing a credit union’s cybersecurity efforts may seem like a major burden, but it can be effectively managed with great success.
Credit union leaders should not fear for the safety of their members’ data. They should prepare to do everything possible to protect this data using the best methods available.
It is vital to communicate with your members on an ongoing basis about cybersecurity, as this can help ensure loyalty and trust. Your members want—and need—to know that the credit union is protecting their private information at all times.
Should an incident occur, your members will also need to know that the situation is under control and being promptly corrected.
In the unfortunate event of a cybersecurity attack, contact the appropriate law enforcement agencies immediately for assistance. These dedicated professionals can help your credit union quickly and actionably address the incident and any affiliated crimes.
As Koppel rightfully alluded to during the CUNA GAC, we must think proactively, strategically, and defensively on the very important topic of cybersecurity.