
How can credit union professionals implement and strengthen their cybersecurity posture within their organizations? 

Much like banks, credit unions hold large amounts of highly sensitive data about members, including financial and personal information such as credit scores, banking information and investment history. Unfortunately, many credit unions are still at a loss when it comes to properly securing their critical data assets against cyberthreats, breaches and intrusions.

Most recently, Desjardins, the largest association of credit unions in North America, fell prey to a cybersecurity incident when an employee leaked the personal information of more than 2.7 million individual members and 173,000 businesses outside the institution.

In this blog article, you will learn more about:


Related Posts: How Banks Avoided the WannaCry Cyberattacks and the Lessons that Can Be Learned


Introduction to Cybersecurity

Before we dive deeper into cybersecurity for credit unions, let’s have a look at what cybersecurity actually means.

Cybersecurity is most commonly defined as a set of strategies, techniques, and controls to reduce risk and ensure that your data assets are protected.

In general, security should be looked at as striking the balance between access and control.

In today’s business environment, information has become a key resource for all organizations. Technology, in turn, plays an important role in the entire information lifecycle, including its creation, use, storage, treatment, disclosure and removal.

Business owners and executives are struggling to find a balance between protecting their confidential data assets, leveraging them effectively to generate business value from IT-enabled investments, and mitigating the risks that come with managing data, all while complying with various risks and regulations.

For credit unions (and all organizations processing or storing large amounts of confidential data), cybersecurity should be a regular part of their best practices.

Related Post: What is Cybersecurity all about?


The Cybersecurity Dilemma for Credit Unions

“Cybersecurity is a systemic risk that affects all levels of business, government and ordinary people. It is such a high-risk area for credit unions that the National Credit Union Administration (NCUA) placed cybersecurity as a top focus for exams.” (National Association of Federally-Insured Credit Unions)

More often than not, credit union professionals find it challenging to balance their many priorities with the implementation of an effective cybersecurity strategy.

Here are just some of the challenges that IT and security professionals at credit unions face:

When it comes to choosing the right cybersecurity strategy, how are organizations supposed to know what is best? Should you conduct regular penetration testing, vulnerability assessments, control assessments, compliance audits, risk assessments, security program reviews, etc.? The list goes on! How often should this be done? And how can you be sure that these initiatives will actually pay off?

According to Help Net Security, “cybersecurity strategy needs to be led by the board, executed by the C-Suite and owned at the front lines of the organization.”


Cybersecurity Baselines & Best Practices for Credit Unions

While it is easy to become overwhelmed by the sheer thought of implementing an effective cybersecurity strategy, your best battle strategy is to put your cybersecurity posture at the core of all security initiatives you undertake.

By doing so, you will be able to tackle the following cybersecurity best practices with greater ease.

We will go over each of the above best practices in detail.


1.    Know Where Your Assets Are and What Their Value Is

According to ISO/IEC PDTR 13335-1, an asset is defined as “anything that has value to the organization, its business operations and their continuity, including Information resources that support the organization's mission.”

To improve your cybersecurity posture, your credit union should identify

Knowledge is power. Being aware of your critical assets will help you define a cybersecurity strategy that is focused on protecting them adequately. This way, you will be able to allocate the largest chunks of your budget to the assets that most need protection.

Important: Not all assets have equal relevance to your credit union, which is why it is impossible to protect all of them equally.


2.    Define Your Potential Risks

Risks represent the potential for loss, damage or destruction of an asset following a threat.

Before implementing an effective cybersecurity strategy, it is important for your credit union to think about all potential risks that you may be facing.

By carefully reflecting on your risks, you will be able to outline security strategies that can help you reduce or mitigate these risks properly.

Related Post: Risk Management: Why Perspective is Essential


3.    Implement Effective Security Controls

Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.

The main objective of security controls is to assist organizations in managing their risk and protecting their valuable assets against security incidents, cyber threats and data breaches.

There are 3 types of security controls:

  1. Preventative controls, attempting to prevent a security incident before it occurs.
  2. Detective controls, identifying a security incident while it’s happening (or shortly after).
  3. Corrective controls, limiting the damage following a security incident and helping a business to get back on track.

In your credit union, controls can be malware defenses, internal processes, 24/7 monitoring, penetration testing or incident response techniques, for example.

Depending on your geography or the industry you operate in, you may want to follow a variety of security control frameworks, including NIST, ISO or the 20 Critical Security Controls issued by the Center for Internet Security.

Interested in learning more about how your organization can strengthen its security posture with the 20 CIS Critical Security Controls? Watch the recording of our webinar “Are You in Control? Managing the CIS Critical Security Controls within your Enterprise”, which we jointly hosted with SANS.

 

4.    Know Your Internal and External Threats

Threats represent what could damage, destroy or compromise your assets.

Assessing the risks and threats of your credit union environment will help you define which types of security controls need to be implemented and strengthened to protect your assets from threats.

Important: Threats can be external or internal: hacker groups, employees, individuals with access to your devices/amenities, third parties.


5.    Evaluate and Strengthen Your Cybersecurity Posture

With your cybersecurity posture in mind, you will be able to adopt a focused approach to assessing, designing, developing, implementing and aligning your security posture. A Cybersecurity Posture Assessment provides an overall view of a customer's internal and external security posture by integrating all the facets of cybersecurity into a single assessment approach.

A cybersecurity posture assessment can help indicate how healthy or resilient your credit union is when it comes to cybersecurity, how effectively it can protect against potential cyberattacks and how well it can maintain a strong cybersecurity posture as the threat environment evolves.

→ Want to self-assess your cybersecurity posture? Download our free checklist to find out!


Generally, a cybersecurity assessment is based on four (4) principal baselines:

  1. Credit unions need to know what they have and to what extent they need to protect it.
  2. Credit unions need to know where they stand and what their strengths and weaknesses are.
  3. Credit unions need to know where they are going and what needs to be done to get there.
  4. Credit unions need to know how to stay in control of their security controls.


Conclusion

It is increasingly difficult for credit unions to know what their current cybersecurity posture is and how well they could face security incidents. This can result in a variety of issues, including:

By knowing your cybersecurity posture, you can develop a long-term security strategy that will protect your credit union, outline a concrete cybersecurity roadmap and help you strengthen your cybersecurity defenses over time.


Do you know what your credit union’s cybersecurity posture is? If you’re not sure, we’ve developed a handy-dandy checklist that will help you get a high-level overview of where you’re at in terms of your cybersecurity posture. Click below to download a copy.

Cybersecurity Posture Assessment Checklist
