news.cuna.org/articles/115833-cybersecurity-member-service-a-balancing-act
Andrew Maroun

Cybersecurity, member service a 'balancing act'

'Our goal is to reduce friction while keeping members' information secure.'

August 1, 2019

Meeting member expectations for anytime, anywhere access to accounts while maintaining cybersecurity is a difficult balancing act.

Andrew Maroun, senior manager of cybersecurity and networking at $12 billion asset Golden 1 Credit Union in Sacramento, Calif., says the need to find that balance drives credit unions’ search for new solutions, including the selection of new systems and vendors.

“Balancing the dual needs of security and exceptional service can be a challenge,” Maroun says. “Our goal is to reduce friction during service interactions while keeping our members’ information secure.

“It is an exciting time to work in cybersecurity, as we explore promising new solutions to challenges such as user authentication.”

Maroun addressed the 2019 CUNA Cybersecurity Conference with NASCUS.

Vendor selection

When Maroun presents information to other credit unions interested in building a framework for cybersecurity, he keeps in mind that credit unions must remain ready to respond to members’ desire for real-time access to financial information.

“Consumers want online and mobile banking, instant access to loan status information, and the ability to make payments on demand,” he says. “This desire for real-time information and service pushes financial institutions to explore multiple new solutions to meet demand.”

Maroun believes information security teams must play a key role in vendor and solution selection.

“Some vendors or solutions may not have a security-by-design mentality,” he says, “and information security expertise is required to add layers of technology to compensate for shortcomings.”

More credit unions are moving services to the cloud to for improved security safeguards.

In any situation, he advises credit unions to keep cybersecurity basics in mind to build a sustainable system.

“Many organizations try to run before they walk or crawl and miss the key first steps of cybersecurity,” Maroun says. “For example, it’s important to implement an asset inventory system and know where sensitive and confidential data resides before you implement more mature controls.”

Understanding new risks

The best information security professionals combine strong fundamental skills with a passion for their work to protect credit unions and their members, he says. At Golden 1, these professionals are diligent about staying aware of current trends and risks that threaten credit unions.

They also look beyond the credit union industry as they scan the horizon for potential threats.

“Security experts sometimes wear blinders and only look at their own vertical for areas of concern,” Maroun says. “However, other industries often face the same risks as the financial services sector.”

Asking for help and networking are both valuable tools for credit union cybersecurity professionals. Maroun says security experts sometimes overlook sources of help at other credit unions because they may be reluctant to show their organization’s vulnerability.

“However, if you are facing a challenge, some of your peers might have already solved the issue,” he says. “Security professionals must learn to lean on each other.”