CUNA News

Assess your cyber risk

Regular cybersecurity assessments and detailed response plans can limit damage.

February 14, 2023
Brock Fritz
TraceSecurity Director of Security Services Kevin Ivy

The move to hybrid work environments, which put laptops and cellphones in the hands of many employees, increases exposure to cyberattacks, says Kevin Ivy, director of security services at TraceSecurity, a CUNA Strategic Services alliance provider.

“You can't just focus on physical and logistical security anymore,” he says. “You now have to think about cloud security and other factors. It makes managing information security much more difficult because you have to look in so many different areas.”

While it’s difficult to guard against all threats, credit unions can take measures to manage threats and the damage they cause, Ivy says. His main recommendation: Conduct a risk assessment at least annually.

TraceSecurity offers a cybersecurity risk assessment service to identify potential weak spots and protect credit unions from threats. The assessment works with organizations to identify their critical assets.

The company then uses the NIST Cybersecurity Framework or the Federal Financial Institutions Examination Council Cybersecurity Assessment Tool to examine the potential threats those assets face on any given day.

The end goal is a service report that lists control implementation levels, as well as the residual risk remaining for each asset.

“Risk assessments are a great fundamental first step,” Ivy says. “You’re going to identify elevated risks that need attention and build from there. It’s a cyclical approach where you work through the life cycle of the risk.”

Ivy cites two cybersecurity threats that won’t go away: ransomware and social engineering.

The most common threat facing credit unions in recent years has been email phishing campaigns, he says. For example, a threat actor can buy a domain name that is close to a legitimate address and then send an email to someone at the legitimate company.

If the employee clicks a link within the message, malicious payloads enter the organization and, as Ivy says, “it’s off to the races.”

“It could be devastating,” he says. “Depending on the extent of the breach, you can infect your internal employee systems. But that could also extend to business partners and, what we definitely don't want, to members.”

From a technology standpoint, it can be difficult to catch these curated email attacks. Therefore, it’s crucial for credit unions to consistently train employees on security awareness, including the basics of not clicking on suspicious links.

“Sometimes we get stuck focusing on implementing technical things like a good data backup solution, email phishing filtering solution, and firewall,” Ivy says. “But a lot of times we forget we still have disaster recovery and incident response administrative controls we should put into place.”

Damage can be significantly lessened by a well-thought-out response. Ivy suggests creating formal processes for handling public relations and for managing your brand and reputation.

To avoid a worst-case scenario, credit unions should have fail-safe options and disaster recovery plans. However, Ivy says these are frequently vague plans that are known only to high-level employees.

He stresses the importance of sharing the plan throughout the organization. When an incident occurs, employees should know who to contact and whether they should power down their computers.

“Every second on the clock is detrimental to the business,” Ivy says. “Having detailed incident response procedures could save you from a massive breach and turn it into something you can contain within 10 minutes.”

KEYWORDS compliance cybersecurity risk risk management technology

© 2023 Credit Union National Association | ADA Compliance Notice & Legal