Compliance: Cybersecurity, COVID covered in NCUA briefing
October marks Cybersecurity Awareness Month, and in a recent CompBlog entry CUNA’s Compliance staff take a deep dive into the briefing the NCUA Board received earlier this month.
The presentation was designed to provide insight into what credit union boards should be asking credit union management and their respective IT/cybersecurity staff during the pandemic and with the increased use of remote employees.
Does your credit union have the basics covered?
- Employees know to be wary of any COVID-19 emails, especially those from outside of the credit union.
- Employees know to exercise increased caution when asked to enter credentials via social media, links, emails, etc., and when downloading attachments.
- Credit union systems and applications leverage multi-factor authentication.
- Employees know to keep passwords secure, and never reuse passwords on different accounts.
- If the credit union is a target of ransomware, consider not following the demands to get the information back, because the information held for ransom will likely be made public anyway.
- Determine if cyber insurance is right for your credit union.
- Use a VPN, and limit access to certain information when remote.
- Manage bandwidth and adjust accordingly.
In addition to revisiting the basics of cybersecurity practices, NCUA’s presentation also covered preparedness tips for reviewing the credit union’s processes for deficiencies in the areas of:
- Incident/Breach Management - Have your credit union’s policies and procedures related to incident/breach management been updated within the last 9 months (COVID) to take into consideration the increase in remote work?
- Cyber Hygiene - Have the credit union’s remote work policies and procedures been reviewed and adjusted to reflect the heightened risks resulting from COVID, now that the credit union may have more staff working remotely?
- Business Continuity - Business continuity plans should have business impact scenarios and business process scenarios. Have these been reviewed and revised accordingly in the business continuity plans to consider the credit union’s operating conditions under COVID?
- Digital Strategy - Review your credit union’s digital strategy. As a result of COVID, the new normal going forward may include more employees working remotely. What are the credit union’s short-, mid- and long-term plans for this remote environment?
See the CompBlog entry for additional details, things for credit union leaders to consider in each of the above areas, and links to the presentation.
Don’t forget to register for CUNA's Cybersecurity eSchool with NASCUS. By registering you can access content from top subject matter experts on current cybersecurity trends, as well as learn the "how to" of using the latest applications to ensure your credit union's data remains safe. For details on attending CUNA's Cybersecurity eSchool with NASCUS, follow the links: live virtual event or the recorded event.