CUNA
  • Advocacy
    • Priorities we’re fighting for
    • Actions you can take
  • News
  • Learn
  • Compliance
  • Shop
  • Topics
    • Community Service
    • Compliance
    • Credit Union Hero
    • Credit Union Rock Star
    • Credit Union System
    • Directors
    • Human Resources
    • Leadership
    • Lending
    • Marketing
    • Operations
    • Policy & Issues
    • Sales & Service
    • Technology
  • Credit Union Magazine
    • Buyers' Guide
    • COVID-19
    • Digital Edition
    • Credit Union Hero
    • Credit Union Rock Star
    • Subscribe
    • Advertise
    • Contact
  • COVID-19
  • Advertise
  • Awards
    • Nominate Credit Union Hero
    • Nominate Credit Union Rock Star
  • Podcasts
  • Videos
  • Contact
Learn More about Member Value

News

Member Benefits
Learn more
Learn more about the benefits of membership.
Home » Cybersecurity: What’s your level of preparedness?
Technology

Cybersecurity: What’s your level of preparedness?

Here’s where many credit unions fall short, according a new NCUA tool.

September 12, 2018
Bill Merrick
No Comments
NCUA

NCUA is using a new tool to gauge credit unions’ level of cybersecurity preparedness: The Automated Cybersecurity Examination Tool (ACET).

Developed in 2017, ACET consists of an inherent risk profile and a cybersecurity maturity level, explains Wayne Trout, regional information systems officer for the agency. In 2018, NCUA will examine the 268 credit unions with more than $1 billion in assets using ACET.

Trout, who addressed the CUNA Technology Council’s 5th Annual Security Summit in San Francisco, identified several of credit unions’ “least achieved baseline statements” from the cybersecurity assessments:

  • The institution has policies commensurate with its risk and complexity that address the concepts of threat information sharing. “You need to have a policy in place that says what information you can share, how you share it, and through what means,” Trout says. “Put it in a box and see how you want to control it,”
     
  • Organizational assets (i.e., hardware, systems, data, applications) are prioritized for protection based on the data classification and business value. “This is a beast,” he says. “You have so much data in so many places. But take the first shot at it.”
     
  • A risk assessment focused on safeguarding customer information identifies reasonable and foreseeable internal and external threats, the likelihood and potential damage of threats, and the sufficiency of policies, procedures, and customer information systems. “If your credit union is on the East Coast,” Trout asks, “have you updated your risk policy for the possibility of hurricanes? As things change, you have to bring them into play.”
     
  • User access reviews are performed periodically for all systems and applications based on the risk to the application or system.
     
  • Firewall rules are audited or verified at least quarterly.
     
  • Data flow diagrams are in place and document information flow to external parties.
     
  • Contracts stipulate that the third-party security controls are regularly reviewed and validated by an independent party.
     
  • The risk assessment is updated to address new technologies, products, services, and connections before deployment. “Get senior management involved and implement a policy that says nothing goes into play until it goes through the risk assessment process,” he says. “This will prevent a lot of problems.”

►Click here for more conference coverage from CUNA News, and get live updates on Twitter via @cumagazine, @CUNA_News, @CUNACouncils, and by using the #TechCounciland #OMECouncil hashtags. Learn more about the CUNA Councils, a member-led professional society for credit union executives, at cunacouncils.org.

KEYWORDS #techopss cybersecurity

Post a comment to this article

Report Abusive Comment

Credit Union Magazine - Winter 2020

Winter 2020

Credit Union Magazine’s Winter 2020 edition features CUNA’s 2021 lending outlook, CEO insights on adjusting to the pandemic, and board recruitment strategies.
Digital Edition •  Subscribe

Trending

  • NCUA proposes raising threshold for ‘complex’ CUs

  • Compliance: 2020 Year in Review, Checklist now available

  • NCUA’s 2021 supervisory priorities reflect COVID effects

Tweets by CUNA_News

Polls

Will you ask employees to receive the coronavirus vaccine?

View Results
More

Champion of America’s Credit Unions

Credit Union National Association is the only national association that advocates on behalf of all of America’s credit unions. We work tirelessly to protect your best interests in Washington and all 50 states. We fuel your professional growth at every level and champion the credit union story at every turn.

More CUNA

  • About
  • Careers
  • Contact Us
  • Recommended Websites
  • Privacy Policy

Resources for

  • CUNA Board Members
  • Credit Union Advocates
  • Leagues
  • Press
  • Vendors