You’ve worked really hard to protect your Credit Union’s member information from the obvious threats (think ransom hacker or dumpster diver). You have a firewall and some sort of alphabet soup strategy containing IDS/IPS appliances, DDoS mitigation services and quite possibly a SIEM monitoring application. So why, then, are we still hearing about breaches? Simply put, we’ve overlooked the obvious and possibly biggest threats.
- Not recognizing that cash is no longer your greatest asset. Credit union member information security needs to be elevated and pursued in the same manner cash is protected and controlled. Once this paradigm shift occurs, the next steps are no-brainers.
- Dual control isn’t just for cash. The time has come to put the same access controls and monitoring on those holding the key to your information kingdom. What type of controls? Here are a few to get you started – IT administrators should have unique admin accounts for tracking activity; logs should be monitored to prevent unauthorized access; and lastly, those logs shouldn’t be under the control of the IT administrators who could manipulate the data. (Yes, we see this 90% of the time.) Dual control isn’t just about your IT staff either. Look across your member information inventory for opportunities to implement enhanced security and oversight.
- Trying to do everything in-house and alone is fast becoming the largest weakness of many Credit Unions. That is, unless they are large enough to match staffing and expertise with the growing number and sophistication of threats to their data. No one sets out in their career to be a generalist. And being good at a ton of little things vs. really great at one or two leaves your IT stretched beyond their own capabilities or drive. We hear it all the time: IT is surviving, not thriving, under the weight of new technologies, growing threats and unending compliance demands. “Right Sourcing” – partnering with the right solutions provider – can eliminate operational workload and enable your team to focus on the strategic alignment of their efforts to the Credit Union’s goals.
These aren’t easy topics to discuss but we need to. Insider threat exists for information assets just as it does for cash. Doing too much with too little weakens your team. Take a close look and see if your Credit Union could make some changes.