Bolstering Your Credit Union’s IT Strategy

Whether your credit union is in the process of completing mergers and acquisitions or just anticipating considerable growth over the next few years, managing and securing your IT infrastructure is critical to your success – particularly with so much change in the credit union space.

Growth requires extra resources, especially from an IT perspective. Building new branches, assembling new offices and onboarding additional employees means your credit union’s IT infrastructure must adapt to meet the additional needs. But, due to a variety of factors, most IT departments are hard pressed to scale on demand.

Today’s prevalence of remote work exacerbates these challenges, as IT staff balance supporting growth while implementing security protections to mitigate vulnerabilities. When planning for future investment in infrastructure and technology, your credit union must also ensure your IT strategy and cybersecurity framework provide necessary defenses.

Navigating Security for Remote Workforces

As your infrastructure grows, the need to monitor network devices and critical servers remains an increasingly complex challenge. Because of the current threat landscape and changing nature of work environments, it’s critical that you know what’s going on within your network at any given time, and are prepared to defend against the nearly constant threat of cyberattacks.

As your credit union continues to navigate remote work environments, consider these tips to enhance IT and security strategies for your workforce.

• Prioritize a security-minded culture. Whether employees work remotely or in the office, your credit union should prioritize employee cybersecurity education to help create and maintain a security-minded culture. By creating a culture focused on security, you can ensure employees are knowledgeable about proper online conduct as well as common cyber threats, including phishing and malware. As your credit union works to increase cybersecurity awareness among employees, reinforce how important it is that they ask for assistance after engaging in potentially risky behavior. Even the most well-intentioned and informed employees can make mistakes, so your credit union should create a culture that fosters open communication and encourages employees to immediately alert IT after a mistake is realized.
• Develop an Acceptable Use Policy. One result of remote work is the blurred lines of employees’ personal and professional lives. In this new work-from-home reality, employees may be more likely to use corporate-owned devices for personal business – leaving your credit union vulnerable to risks. Creating and communicating a clear Acceptable Use Policy that outlines your specific policies for business devices or networks will strengthen your credit union’s security posture. In any working environment, an Acceptable Use Policy that establishes rules and expected behaviors will further protect your credit union from security risks and create accountability for employees. Your credit union’s Acceptable Use Policy should specifically address remote work environments to educate employees on expectations and risks of operating outside the office.
• Implement the CIS Controls. A recommended set of actions for cyber defense, the Center for Internet Security (CIS) Controls provide specific ways to prevent today’s most common attacks. The CIS list includes 20 controls, divided into three categories: Basic (1-6), Foundational (7-16) and Organizational (17-20). Considered both user- and budget-friendly, this framework simultaneously simplifies and strengthens cybersecurity, eliminating common attacks and vulnerabilities. Your credit union should start with the first six controls and complete them in order, as they build upon each other. By incorporating just the Basic Controls, your credit union can reduce cybersecurity risk by 85%.

Strengthening Your Security Posture

With cyberattacks and data breaches on the rise and hackers looking for more opportunities to exploit institutions, no network is safe from cyber threats. Since the beginning of the COVID-19 pandemic, the FBI reported a 300% increase in cybercrimes. With an attack occurring every 39 seconds, your credit union must secure your users, devices and data by detecting and preventing threats.

In addition to the best practices above, deploying defenses such as firewall management, unified threat management, patch management, intrusion prevention system (IPS) protection and other consultative services improves your credit union’s cybersecurity posture.

Further, your credit union should conduct a thorough inventory to identify technology that is no longer needed or used and create policies regarding installation of new hardware and software. You should also ensure that your technology directly supports business objectives and aligns with your specific IT strategy, goals and environment.

Another component of strengthening your security posture is an annual IT and cybersecurity risk assessment, including the analysis and remediation of risks from both a regulatory and business perspective. For this, a trusted financial services partner will work closely with your IT leadership to comb through the entire network, and make sure systems are working correctly and that there are no security vulnerabilities.

This work pays dividends during yearly audits from your state regulators and the NCUA, especially since examiners like to see 24/7/365 service and monitoring of your network and devices.

Delivering Benefits to Your Members

By effectively managing your IT infrastructure, your credit union can mitigate the risk of cyber threats and meet changing security demands as you expand and scale.

And the benefits of enhancing your IT strategy extend to your members. A secure IT infrastructure and robust cybersecurity platform allow you to focus on what you do best – empowering your members to live their best financial lives.

Steven Ward leads the vCIO Consulting Team for Computer Services, Inc. (CSI), a provider of core processing, managed services, mobile and internet solutions, payments processing, print and electronic distribution, and regulatory and compliance solutions based in Paducah, Ky.