Escalating cyber threats require credit unions to improve and constantly update their governance of secure sensitive member data, maintain privacy compliance, and prevent data breaches. And, the National Credit Union Association (NCUA) has observed a rise in cyberattacks against credit unions, credit union service organizations (CUSOs), and other third-party vendors supplying financial services products.
Here are some specific information governance steps that credit unions can take to prevent or at least mitigate and defend themselves against cyberattacks:
Ensure that employees and consultants (including home workers) use multi-factor authentication for sensitive accounts and provide the required training to prevent unauthorized access and phishing attempts, enhancing overall cybersecurity
Defensibly and securely delete non-record emails to minimize the total data footprint that could, be potentially subject to attack
Maintain usable/understandable and well-formulated incident response plans and ensure that employees are properly trained on the policies and procedures for identifying and reporting threats
Create and keep detailed records of vendor cybersecurity assessments and procedures
Consolidate data into a unified secured source (rather than siloed across multiple departments), frequently backing up that data and regularly testing the credit union’s recovery process.
Maintain an active information governance steering committee that includes members from IT, information security, legal, risk management, HR, finance, and other key departments, schedule regular steering committee meetings, and ensure that discussions and concerns related to IT security are included within meeting agendas!
Maintain an active vital records program that identifies core data assets such as IP, engineering records, and highly sensitive personal information and ensures that that data is afforded the proper protection (and backed up).
Continuously monitor and audit processes – for example, by continuously monitoring network activities and promptly applying security updates, a credit union can effectively detect and respond to suspicious activities – and show regulators that it has taken the necessary steps to enable it to prevent cybersecurity threats!
To paraphrase Smoky Bear – Only You Can Prevent Cyberthreats!
As cyber threats continue to escalate, credit unions must proactively enhance their information governance practices to safeguard sensitive member data, comply with privacy regulations, and fortify defenses against cyberattacks.
By implementing robust measures such as multi-factor authentication, defensible data deletion, and active steering committees, credit unions can not only mitigate potential risks but also demonstrate a steadfast commitment to cybersecurity preparedness in the face of evolving challenges.