CUNA
  • Advocacy
    • Priorities we’re fighting for
    • Actions you can take
  • News
  • Learn
  • Compliance
  • Shop
  • Topics
    • Community Service
    • Compliance
    • Credit Union Hero
    • Credit Union Rock Star
    • Credit Union System
    • Directors
    • Human Resources
    • Leadership
    • Lending
    • Marketing
    • Operations
    • Policy & Issues
    • Sales & Service
    • Technology
  • Credit Union Magazine
    • Buyers' Guide
    • COVID-19
    • Digital Edition
    • Credit Union Hero
    • Credit Union Rock Star
    • Subscribe
    • Advertise
    • Contact
  • COVID-19
  • Advertise
  • Awards
    • Nominate Credit Union Hero
    • Nominate Credit Union Rock Star
  • Podcasts
  • Videos
  • Contact
Learn More about Member Value

News

Member Benefits
Learn more
Learn more about the benefits of membership.
Home » 'All your systems audit differently'
Technology ACUC19 Tuesday

'All your systems audit differently'

Cybersecurity requires commitment from management and skill development from IT.

June 20, 2019
Ron Jooss
No Comments
Randy Romes on cybersecurity threats.

Randy Romes offers three action items for combating the latest cyberthreats.

Romes, who is principal in charge for CliftonLarsonAllen’s information security services group, presented during a Tuesday breakout session at America's Credit Union Conference, held at Walt Disney World® Resort in Florida.

1. Configure system auditing and logging. “All of your systems audit differently,” Romes says. “You have to know what it is, you have to turn it on, you have to manage it.”

Information technology (IT) departments should understand and document all logging capabilities and ensure all systems are configured to log important information. He says many IT departments are simply overworked and don’t understand the audit capabilities of many systems. Logs should be retained for at least one year, though longer is better.

2. Audit systems for default/weak passwords. Romes says the weakest systems on most networks are printer multifunction devices such as scanners and surveillance cameras. Employee passwords should be at least eight characters with both upper- and lower-case letters, numbers, and symbols.

Credit unions should also provide their employees with password management software. “Employees are just asked to keep too many passwords today,” he says. “Management should make it as convenient as possible for employees.”

3. Test back-up systems. “Penetration testing is designed to validate that things are working the way that you expect,” Romes says. He also described the “so what” factor: If you do find an exception during penetration testing, ask “so what?”

It’s vital to understand the level of risk that vulnerability presents. Again, this requires diligence, training, and knowledge on the part of IT, as well as commitment from management, he says. Romes adds that organizations should do penetration tests at least annually or after any significant change.

► Visit CUNA News for more conference coverage. Get live updates on Twitter via @CUNA_News, @cumagazine, and @CUNA with the #CUNAACUC hashtag.

KEYWORDS #CUNAACUC ACUC2019

Post a comment to this article

Report Abusive Comment

Credit Union Magazine - Winter 2020

Winter 2020

Credit Union Magazine’s Winter 2020 edition features CUNA’s 2021 lending outlook, CEO insights on adjusting to the pandemic, and board recruitment strategies.
Digital Edition •  Subscribe

Trending

  • Compliance: 2020 Year in Review, Checklist now available

  • NCUA proposes raising threshold for ‘complex’ CUs

  • 5 fraud predictions for 2021

Tweets by CUNA_News

Polls

Will you ask employees to receive the coronavirus vaccine?

View Results
More

Champion of America’s Credit Unions

Credit Union National Association is the only national association that advocates on behalf of all of America’s credit unions. We work tirelessly to protect your best interests in Washington and all 50 states. We fuel your professional growth at every level and champion the credit union story at every turn.

More CUNA

  • About
  • Careers
  • Contact Us
  • Recommended Websites
  • Privacy Policy

Resources for

  • CUNA Board Members
  • Credit Union Advocates
  • Leagues
  • Press
  • Vendors