news.cuna.org/articles/116978-create-a-robust-cybersecurity-program-that-is-future-focused

Create a robust cybersecurity program that is future focused

November 25, 2019

Going digital opens up growth opportunities for your credit union, but it also increases exposure to new cyber risks. Ever-evolving cybersecurity tactics makes security an on-going effort and keeping your knowledge current is a constant battle. With a focus on internal controls that are proactive and have considered how to mitigate worst-case scenarios, you'll be better prepared to meet your member's needs and protect their data. Here are three quick tips to help you get started developing a sound cybersecurity program:

1. Create a feedback loop

Everyone in your organization plays a role in keeping your credit union secure. Create a culture of cybersecurity by ensuring you create a feedback loop that allows for communication between departments. You may need to remove barriers that prevent open dialogue between security and other business areas. If you don’t have one, develop an official reporting system so you can get alerts to potential threats like phishing attempts and handle them before they become a bigger problem.

2. Fully vet third-party vendors

The financial services industry adheres to stricter regulations than many other industries. The proof of this difference is evident with more than 3,800 publicly disclosed breaches in the first six months of 2019. This shouldn’t stop your credit union from working with third-party vendors to improve the services you can offer members, but it should encourage you to play it safe and create a thorough third-party vetting process. Things you should look for include when screening vendors include:

  • EU General Data Protection (GDPR) compliance
  • California Consumer Privacy Act (CCPA) compliance
  • Authentication methods
  • Service-level agreement

3. Bolster your cybersecurity expertise

Knowing the current cybersecurity landscape, including regulations, is essential to helping professionals across your credit union make informed decisions that protect data security rather than undermine it. When you fully understand your cybersecurity obligations, you can avoid non-compliance costs. Key National Credit Union Administration (NCUA) cyber standards you’ll benefit from knowing include:

  • Automated Cybersecurity Examination Tool (ACET)
  • National Institute of Standards Technology (NIST)

Consider these insights when developing a sustainable cybersecurity strategy. Also, be sure to enroll in CUNA Cybersecurity eSchool with NASCUS (recorded) and the CUNA Cybersecurity Conference with NASCUS, June 1-3, 2020, in San Diego to catch up on the trending topics shaping cybersecurity.