CUNA
  • Advocacy
    • Priorities we’re fighting for
    • Actions you can take
  • News
  • Learn
  • Compliance
  • Shop
  • Topics
    • Compliance
    • Credit Union Hero
    • Credit Union Rock Star
    • Credit Union System
    • Directors
    • Human Resources
    • Leadership
    • Lending
    • Marketing
    • Operations
    • Policy & Issues
    • Sales & Service
    • Technology
  • Credit Union Magazine
    • Buyers' Guide
    • Digital Edition
    • Credit Union Hero
    • Credit Union Rock Star
    • Subscribe
    • Advertise
    • Contact
  • Advertise
  • Awards
    • Nominate Credit Union Hero
    • Nominate Credit Union Rock Star
  • Podcasts
  • Videos
  • Contact
Learn More about Member Value

News

Member Benefits
Learn more
Learn more about the benefits of membership.
Home » Leverage the Experts to Prevent Security Breaches

Leverage the Experts to Prevent Security Breaches

CUs will continue to be prime targets for cyber criminals.

February 27, 2015
Madeline Domma
No Comments

Although financial institutions fell prey to some of the most notable data breach attacks of 2014, no one in the industry was shocked by the events.

Credit unions are and will continue to be prime targets for cyber criminals because they maintain databases that contain members’ personally identifiable information.

The nonprofit organization, Online Trust Alliance (OTA), published its 2015 Security and Privacy Best Practices Report which analyzed more than 500 online security breach attack reports from the first half of 2014.

In the report, OTA highlights the shocking fact that almost 90% of the attacks could have been prevented by implementation of basic information security controls.

From suggested improvements of vulnerability and risk management protocol to recommendations addressing company incident response methods, all of the best practices outlined in the report can be put to action using TraceSecurity’s cloud-based, fully integrated and award-winning IT GRC management software, TraceCSO.

For instance, recommendations to implement a vendor management program serve as a reminder that several of the most costly data breaches of recent history could have been avoided through proper vendor management.

Enhancements to the TraceCSO vendor management module are currently underway to streamline existing vendor management processes and incorporate risk analysis to empower credit unions to make well-informed, intelligent decisions about their existing and future vendor relationships.

Another OTA recommendation that has been reinforced with updated regulation guidance involves an established incident response plan. Upcoming additions to TraceCSO’s incident response module integrate guided workflows that meet newly-published NCUA standards to enable credit unions to maintain compliance with these updates.

Whether recommendations instruct credit unions to develop training and testing materials or policies, TraceCSO provides the platform for company policies to be developed and accepted and training courses to be distributed and tested.

Finally, recommendations to implement effective vulnerability and password management practices and to enforce least privilege user access and multi-layered firewall protections may be accomplished through TraceCSO’s patch management and network scanning functionality, as well as through the variety of information security services that TraceSecurity offers.

Leverage the experts
Of the attacks evaluated, 60% were either the result of insider activity or social engineering attempts.

OTA recommends performing annual risk assessments to identify credit union assets that contain (or allow access to) sensitive member information and create a framework from which the institution can develop data minimization and least privilege access to these systems.

Customers can choose to have TraceSecurity perform any of the various security assessment services offered as well as participate in implementation training that educates the credit union on how to perform risk assessments internally using TraceCSO.

Similarly, a social engineering training course is available within TraceCSO, and TraceSecurity provides social engineering engagements designed to test employee response to such attacks—cultivating an institution-wide awareness of social engineering strategies to ensure intrusion attempts are debunked at all levels of the institution.

TraceCSO, coupled with TraceSecurity’s extensive information security services, provides an essential combination of resources to develop all components of a successful risk-based information security program.

By leveraging TraceSecurity’s services and integrating TraceCSO’s risk, compliance, vendor, and incident response capabilities, credit unions can thoughtfully plan for and greatly diminish the potential of data breach attacks not only in 2015 but also for years to come.

MADELINE DOMMA is product design specialist for TraceSecurity, a CUNA Strategic Services alliance provider. Contact her at 225-456-5828.

KEYWORDS breach credit union security

Post a comment to this article

Report Abusive Comment

Credit Union Magazine - Winter 2019

Winter 2019

Alternative lending, compliance management systems, and ideas for boosting credit card portfolios are among the topics of Credit Union Magazine’s Winter 2019 edition.
App •  Digital Edition •  Subscribe

Trending

  • CFPB proposes to raise remittance threshold to 500 transfers

  • PODCAST: Bettering people’s lives

  • Compliance: Recapping the 2019 BSA Conference

Tweets by CUNA_News

Polls

What's the pace of staff turnover at your CU?

View Results
More

Champion of America’s Credit Unions

Credit Union National Association is the only national association that advocates on behalf of all of America’s credit unions. We work tirelessly to protect your best interests in Washington and all 50 states. We fuel your professional growth at every level and champion the credit union story at every turn.

More CUNA

  • About
  • Careers
  • Contact Us
  • Recommended Websites

Resources for

  • CUNA Board Members
  • Credit Union Advocates
  • Leagues
  • Press
  • Vendors