news.cuna.org/articles/107307-tips-for-cybersecurity-protection-cunanascus-summit

5 tips for cybersecurity protection: CUNA/NASCUS summit

August 25, 2015

DENVER (8/25/15)--Tips from a variety of cybersecurity experts highlighted the first day of the CUNA/National Association of State Credit Union Supervisors Cybersecurity Symposium Monday.

The two-day event features a number of experts offering information on assessing risk, dealing with the aftermath of a data breach, cybersecurity best practices and more.

Tom Schauer, CEO of Trust CC, kicked off the program with a look at the cybersecurity landscape facing financial institutions in 2015, a year in which high-profile data breaches seem to be in the headlines more than ever.

Incidents involving Ashley Madison and the U.S. Office of Personnel Management are just the most recent, while Home Depot, TJ Maxx, Neiman Marcus and Michael’s are just a few that made headlines in 2014.

Schauer recommended five key actions:

  • Make sure privilege escalation can be detected;
     
  • Make sure you have a proper incident response plan;
     
  • Address high and medium-high deficiencies;
     
  • Regularly ask “How would I steal money from this credit union?” and “If I wanted to negatively affect the reputation of this credit union, how would I do it, and what can prevent this type of attack?” and
     
  • Recruit information technology talent to the board so the board is well equipped to provide guidance and oversight.

Patrick Sickels of CU*Answers cited Verizon’s 2015 data breach investigations report, and found three main categories of attack: external, internal or attacks through a partner of clients. He recommended credit unions enact security policies that cover each of these angles.

Mick Kless, president of R.I.S.C. Associates, broke down how credit unions should prepare contracts with all third-party vendors, including a checklist of questions credit unions can use when evaluating a contract.

Today’s events will feature remarks from a deputy assistant director of the U.S. Secret Service, a hacking demonstration, a look at managing compliance in an ever-changing security landscape, using the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tour, a look at the future of payments and more.

Other Resources

TraceSecurity/CUNA Strategic Services