"It's not just what we do for credit unions; we're tied to a lot of the big core processors," he said.

Levy explained business partners such as Fiserv, Jack Henry and Fidelity demand some heavy-duty requirements and audit capabilities.

"We really have to toe the line and do this by the book," Levy, who is also chair of the Electronic Signature and Records Association, explained.

In addition to having disaster recovery, continuity, acceptable use and incidence response plans in place, IMM also performs employee criminal background and credit checks. IMM also requires every single employee in the organization – about 100 – to agree to follow specific security policies and best practices, and complete education.

Levy said IMM is very strict when it comes to its security and requires all employees to sign off on multiple security policies and practices. IMM employees sign off via an internal sending tool, Document Exchange, which is also available externally and allows for the safe review, signing and tracking of confidential or sensitive documents.

Alissa Fry-Harris, director of marketing at the Henderson, Nev.-based Bluepoint Solutions, which has its roots in contact document management for credit unions, centered her presentation on how providing convenience during the mobile account opening process requires precaution as well.

"From a security and compliance perspective, how can I be sure I'm gathering the right information and vetting my new accountholders appropriately to avoid fraud, or any other pitfalls of opening a bad account, especially when the member never even comes to the branch?" Fry-Harris asked.

She suggested credit unions look at the connection between security and compliance, even when attempting to streamline member processes. Fry-Harris described how Bluepoint Solutions' account opening platform, Open Anywhere, for example, imports data directly from government-issued identification, mobile phone carriers and mobile device GPS data to reduce manual input requirements and authenticate people.

"You should use technology to integrate into the backend all the required items identifying your new member, making sure that you know who they are, they have control of their device and you understand their ability to repay," Fry-Harris said.

Normally, when organizations think about security, the focus is on areas such as encryption, reliability and authentication, another speaker said.

"That's normal, but it's not enough," Mike Fitzmaurice, vice president of Workflow Technology for the Bellevue, Wash.-based Nintex. "The weak link is not in forgetting to encrypt traffic; the weak link is not in terms of forgetting to assign permissions to different objects; the weakest link is in making sure corporate policies are actually followed."

Policies can include assigning new employees to the right security groups and implementing customer-relationship management privileges. Fitzmaurice noted when organizations forget to do that, it usually causes people in the trenches to get creative, improvise and do things that are anything but secure, such as sharing accounts and passwords.

"Digital workflow automation, also known as business process management, can help with that. Workflow makes sure that steps are taken, processes are followed and records are kept, automatically," Fitzmaurice added.

"Software does a better job of remembering to check things, and remembering to follow up on things and flagging anomalies, than people do," Fitzmaurice said. "Digital workflow automation remembers and can help complete some of those steps more reliably and quicker. Productivity and security do not have to be enemies."

Join us at Credit Union Times' Fraud: Don't Let It Happen To Your Credit Union Conference, where you will find the latest tools and techniques for preventing fraud and data breaches; strategies for responding in the immediate aftermath and best practices for restoring reputation, financial stability and information security. This two-day conference is designed for credit union executives, boards of directors and those responsible for your credit union's cybersecurity policy. Register to attend and save $150.