I’m a firm believer that, for far too long, we’ve put our focus on protecting our network perimeter, with thoughts of trying to keep “the bad guys” from getting in, rather than focusing on the security of our people and our data, and keeping the sensitive information from getting out. Broken? Backwards? Upside down? Your call, but fixing this is a major paradigm shift in thinking and organization culture.

So, you ask, how do we fix it? Let me outline the top 3 most important steps to paving the way for a security model repair.

1. Elevate the cyber discussions to board level. The financial, operational, legal, regulatory, reputational and, therefore, strategic risks around cyber threats are game changers for credit unions, their leaders, their employees, their members, and all their other stakeholders. Executives and boards must be in active discussion and seeking the proper security awareness and education.
2. Fix the broken training model and start providing employees engaging and continuous cyber awareness training. Most existing cyber awareness training programs are severely lacking. First, nobody gets excited about 60 to 90 minute module based training followed by a quiz. Secondly, annual or quarterly training could never keep the security awareness top-of-mind enough to gain the required behavior modification required of employees in order to foil emerging threats. That would be similar to showing a 7 year old student multiplication flash cards once a quarter and expecting them to have quick recall of the answers. Just not going to happen. Effective training must be served up in continuous, short bursts that utilize some level of gamification to keep employees engaged and in active discussion. With research showing that greater than 90% of breaches occur because of user targeted phishing (or similar) attacks, this is a serious issue.
3. Protect the DATA! Make sure the data is encrypted. We must assume that a breach has already occurred and a user, or the network, has been compromised. Not if, but when, it does happen, will the data be easily obtained and exfiltrated? Granular encryption of data both at rest and in motion should be a baseline requirement.

Don’t let the pressure of security related guidance coming from all directions create confusion and stall your progress.

As our team at CUdefender works with credit unions nationwide, we are assisting and guiding them in exactly how to accomplish the above steps in the most affordable way. Our engaging cyber awareness and training program is showing highly effective results. Please reach out for more information.

CUdefender can be contacted at 1-888-632-4339 or by visiting http://www.cudefender.com

Rob Harbin is CEO and Cyber Security Evangelist for CUdefender, LLC., a credit union cyber security company. His LinkedIn profile can be viewed at www.linkedin.com/in/robharbin. Email him at rharbin@cudefender.com and follow CUdefender on Twitter at www.twitter.com/CUdefender and Facebook at www.facebook.com/CUdefender

The post Security is Broken, Backwards, and Upside Down appeared first on CUdefender.

CEOs, don’t believe it for a minute and surely don’t advise this approach to your board! Security checklists won’t save you.

Your credit union risk environment is an ever-changing landscape that’s highly incompatible with a checklist style “set it and forget it” approach. The only safe and advisable method of risk management is one that evolves and adapts to cover inevitable changes in your organization.

CEOs, you must lead in these important security focused matters.  The financial, operational, legal, regulatory, reputational and, therefore, strategic risks are game changers for credit unions, their leaders, their employees, their members, and all their other stakeholders.

Credit unions need to radically rethink cyber security as a tightly integrated and holistic part of their risk management program and daily operational activities. Your information assets are changing. Your threats are changing. Your vulnerabilities are changing. The controls available to you to deploy are changing.  The only way you are going to stay on top of this constantly changing collection of ingredients in the risk equation is to establish, operationalize, and mature your information risk management program.

Some key points to remember as you consider your next steps:

1. Heed the lessons from JPMorgan, Target, Home Depot, etc.  Do your research and learn from their mistakes.
2. Listen to your gut.  You create, receive, and maintain sensitive member data!  Stop fretting over the semantics of PCI, FFIEC guidance, etc.  It’s all sensitive. This data constitutes “information assets” that need to be safeguarded. Make sure it’s getting done!
3. Know your threats and weaknesses.  Risk analysis and the identification of real and applicable vulnerabilities is the place to start and, done properly, will produce a prioritized list of exposures for your credit union.
4. It’s easier than you may think.  Security is complex and the tasks required to get your environment “up to snuff” may seem daunting but, trust me, huge steps forward can be taken without huge costs or time commitments. It’s knowing what items can achieve the greatest impact and executing on those items first.
5. CUdefender has guidance and solutions that meet many security needs and we are here to help you.

NCUA has prioritized cyber security as a top item for the 2015 year. But don’t do security right for the NCUA, do it because it’s the right thing to do for your credit union and its members.

CUdefender can be contacted at 1-888-632-4339 or by visiting http://www.cudefender.com

The post CU CEOs: Security Checklists Won’t Save You appeared first on CUdefender.

Cyber attacks, like last November’s hack of Sony Pictures, have motivated many to increase focus on external threats and begin having more discussions around real world cyber threats and overall preparedness.

Credit unions, like many other companies, have business units that submit regular requests to buy new cloud apps, the most popular being file-sharing services like Box, Dropbox, and Evernote. With most credit union infrastructure being built as fragmented layers of add-ons, over a period of many years, the security methods used to protect the legacy network and applications, as well as these new cloud applications, is severely lacking.

2015 is the year that credit unions must reinvent their security model to be more holistic and ready to face the sophistication of emerging threats. This doesn’t have to be a complete rip-out and replace initiative, and it can be accomplished much easier that most believe. Our team at CUdefender speaks regularly with credit union executives and boards who don’t realize some of the quick and cost effective steps they can take to have an immediate positive impact on their security posture.

The long-standing issue of security having a proper seat at the executive table should no longer be a problem. Now it needs another lift upwards to the board. Hopefully credit unions will have foresight to make cyber topics a substantial part of their 2015 board and strategic planning meetings.

Credit unions looking for security planning assistance or cyber threat protection can contact CUdefender at 1-888-632-4339 or visit http://www.cudefender.com for additional information.

The post Cyber Security Needs Board Level Visibility appeared first on CUdefender.

Credit Unions should use this Cyber Security Awareness Month to help remind and ensure that members are updated with the latest information about online scams, email and social phishing, password complexity, and have an opportunity to refresh skills with their overall online security. Also, Credit Unions that are taking proactive measures to improve security and further protect themselves (CUdefender customers :-), should help better educate members to keep them aware of the importance placed upon security and to provide more peace of mind.

The post Credit Union Cyber Security Awareness appeared first on CUdefender.