ALEXANDRIA, Va.-In a new Letter to Credit Unions (03-CU-14), NCUA recommended that credit unions reference guidance recently issued by the Federal Deposit Insurance Corporation to assist in developing effective software patch management programs. FDIC's guidance covers appropriate policies, procedures and practices for mitigating the risks that come with software weaknesses. "During the past year, many companies and some credit unions have experienced security breaches that could have been prevented through the timely identification and patching of software vulnerabilities. This guidance provides information about the importance of maintaining an effective computer software patch management program and information technology (IT) infrastructure," NCUA Chairman Dennis Dollar said. Though companies create updates, called "patches," the software user is still responsible for ensuring the patches are installed as soon as possible, the letter reminded. FDIC's guidance recognized, "Most financial institutions use multiple commercial software packages. Therefore, it can be challenging to identify, test, and install all of the applicable patches that are necessary to maintain each software package. A patch management program should be part of an institution's overall computer security program." FDIC also outlined several areas of risk from an inadequate patch maintenance program. It can cause system unavailability, create weaknesses in security, or corrupt critical system components or data. "Software vulnerabilities that result in security weaknesses can leave computer systems unprotected and open to access and criminal misuse of bank information by unauthorized parties, such as computer hackers," according to FDIC. FDIC's guidance is enclosed with the letter.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.