CU CEOs: Security Checklists Won’t Save You
Some top internet headlines and articles surfacing over the past few months seem to suggest that completing a simple checklist of security items on a “to-do list” will solve the vast array of complex information privacy, security, and compliance issues facing the credit union industry.
CEOs, don’t believe it for a minute and surely don’t advise this approach to your board! Security checklists won’t save you.
Your credit union risk environment is an ever-changing landscape that’s highly incompatible with a checklist-style “set it and forget it” approach. The only safe and advisable method of risk management is one that evolves and adapts to cover inevitable changes in your organization.
CEOs, you must lead in these important security-focused matters. The financial, operational, legal, regulatory, reputational and, therefore, strategic risks are game changers for credit unions, their leaders, their employees, their members, and all their other stakeholders.
Credit unions need to radically rethink cyber security as a tightly integrated and holistic part of their risk management program and daily operational activities. Your information assets are changing. Your threats are changing. Your vulnerabilities are changing. The controls available to you to deploy are changing. The only way you are going to stay on top of this constantly changing collection of ingredients in the risk equation is to establish, operationalize, and mature your information risk management program.
Some key points to remember as you consider your next steps:
- Heed the lessons from JPMorgan, Target, Home Depot, etc. Do your research and learn from their mistakes.
- Listen to your gut. You create, receive, and maintain sensitive member data! Stop fretting over the semantics of PCI, FFIEC guidance, etc. It’s all sensitive. This data constitutes “information assets” that need to be safeguarded. Make sure it’s getting done!
- Know your threats and weaknesses. Risk analysis and the identification of real and applicable vulnerabilities is the place to start and, done properly, will produce a prioritized list of exposures for your credit union.
- It’s easier than you may think. Security is complex, and the tasks required to get your environment “up to snuff” may seem daunting but, trust me, huge steps forward can be taken without huge costs or time commitments. It’s a matter of knowing which items can achieve the greatest impact and executing on those items first.
- CUdefender has guidance and solutions that meet many security needs and we are here to help you.
NCUA has prioritized cyber security as a top item for 2015. But don’t do security right for the NCUA; do it because it’s the right thing to do for your credit union and its members.
CUdefender can be contacted at 1-888-632-4339 or by visiting http://www.cudefender.com