Brandon Smith would love to eradicate duplicate services among vendors—with one exception. 

“The one place where you can tolerate redundancy is security,” says Smith, vice president of finance and operations for $98 million asset Reliant Federal Credit Union in Casper, Wyo. “It’s a proven model to have multiple layers of security. So if there’s some overlap there, I don’t sweat that too much.” 

Smith’s not alone in holding that viewpoint. Protecting data and infrastructure was a top concern for 79% of credit unions responding to CUNA research. Systems availability and recovery was next at 47%. 

A wave of Distributed Denial of Service (DDoS) attacks that struck financial institutions earlier this year, and the rapid increase of online and mobile transactions underscore the need for tight controls. 

“It’s no longer as much a focus on protecting a branch’s cash vault or teller stations from armed robbery, as protecting our data from an electronic theft,” says Robert Reh, chief information officer at $392 million asset Nassau Financial Federal Credit Union in Westbury, N.Y. “These threats continue to evolve and require additional countermeasures and protections,” he says. 

Training staff to recognize threats represents another expense. Chris Saneda, chief information officer at $2.4 billion Virginia Credit Union in Richmond, remains vigilant against widespread system threats 

But he worries most about individual attacks such as “spear-phishing” attempts that target executives or system administrators; advanced, persistent threats that go undetected; or an employee clicking a link and infecting systems with a devastating virus. 

“My biggest data leak concern involves people,” Saneda says. “We spend a lot of time and money educating staff, putting in multi layered defenses, and even buying insurance, but all it takes is one infraction to cause significant harm.”