Under Attack: Cybersecurity, Ransomware Top Concerns for Credit Unions

Staying on top of technology and an evolving regulatory landscape is causing credit union executives some heartburn. But it’s the cybersecurity threats that are really keeping them up at night.

A white paper by IT and security services provider Safe Systems — “Top 10 Banking Security and Compliance Concerns for Community Banks and Credit Unions” — found that cybersecurity, ransomware and information security are among the biggest worries for credit unions.

To be sure, there is some cause for concern. In early May, the Financial Industry Regulatory Authority (FINRA) warned of phishing scams specifically targeting financial professionals. A week later, a FINRA EVP called such attacks the “biggest potential problem” for broker-dealers during the COVID-19 pandemic.

Still, while the report noted that financial firms are more commonly targeted than others, it added that there are a number of ways credit unions can protect themselves against cyber threats.

The report urged credit unions to leverage the Federal Financial Institutions Examination Council (FFIEC)‘s Cybersecurity Assessment Tool and the NCUA’s Automated Cybersecurity Examination Tool and adhere to well-known cybersecurity standards like the National Institute of Standards and Technology’s Cybersecurity Framework. The report also advised credit unions to train employees on how to detect cyber threats and back up their data as a precaution against ransomware attacks.

Cybersecurity problems, however, weren’t the only potential headaches for credit unions. The report also noted credit unions worry about keeping up with regulatory changes, managing exams and audits, as well as ensuring separation of duties and business continuity in a disaster. To help stay on top of changing regulatory landscape, the report said credit unions should adhere to the FFIEC’s guidelines, which provide compliance expectations in almost a dozen areas, and consider using regtech solutions.

The report added that challenges inherent in preparing for exams and audits can be mitigated by using a managed service provider and compliance technology to automate as much of the exam or audit preparation as possible. It also suggested leaning on the information security officer to ensure proper separations of duties and using automation technology to keep a business continuity plan up to date.

Still, credit unions may not be comfortable with their technology acumen. The report found widespread concern, for instance, over keeping up with technology as well as ensuring disaster recovery and proper use of cloud platforms. To deal with the former, the report suggested credit unions implement technology training for staff and participate in industry associations and peer groups. For disaster recovery, the report also advised taking a proactive approach to reducing risk and regularly updating contingency plans. And those credit unions looking to move to the cloud, it added, should first consider the technology’s functionality, security and access controls before diving in.