Security is Broken, Backwards, and Upside Down
After numerous articles, comments, and post-incident analyses of the various cyber attacks cluttering our media headlines and social feeds, it doesn’t take long to conclude that our existing model for security is broken, backwards, and upside down.
I’m a firm believer that, for far too long, we’ve put our focus on protecting our network perimeter, with thoughts of trying to keep “the bad guys” from getting in, rather than focusing on the security of our people and our data, and keeping the sensitive information from getting out. Broken? Backwards? Upside down? Your call, but fixing this is a major paradigm shift in thinking and organizational culture.
So, you ask, how do we fix it? Let me outline the top 3 steps to paving the way for a security model repair.
- Elevate the cyber discussions to board level. The financial, operational, legal, regulatory, reputational and, therefore, strategic risks around cyber threats are game changers for credit unions, their leaders, their employees, their members, and all their other stakeholders. Executives and boards must be in active discussion and seeking the proper security awareness and education.
- Fix the broken training model and start providing employees engaging and continuous cyber awareness training. Most existing cyber awareness training programs are severely lacking. First, nobody gets excited about 60- to 90-minute module-based training followed by a quiz. Second, annual or quarterly training could never keep security awareness top-of-mind enough to produce the behavior modification required of employees in order to foil emerging threats. That would be similar to showing a 7-year-old student multiplication flash cards once a quarter and expecting them to have quick recall of the answers. Just not going to happen. Effective training must be served up in continuous, short bursts that utilize some level of gamification to keep employees engaged and in active discussion. With research showing that greater than 90% of breaches occur because of user-targeted phishing (or similar) attacks, this is a serious issue.
- Protect the DATA! Make sure the data is encrypted. We must assume that a breach has already occurred and a user, or the network, has been compromised. It is a question of when, not if, and when it does happen, will the data be easily obtained and exfiltrated? Granular encryption of data both at rest and in motion should be a baseline requirement.
Don’t let the pressure of security-related guidance coming from all directions create confusion and stall your progress.
As our team at CUdefender works with credit unions nationwide, we are assisting and guiding them in exactly how to accomplish the above steps in the most affordable way. Our engaging cyber awareness and training program is showing highly effective results. Please reach out for more information.
CUdefender can be contacted at 1-888-632-4339 or by visiting http://www.cudefender.com
Rob Harbin is CEO and Cyber Security Evangelist for CUdefender, LLC., a credit union cyber security company. His LinkedIn profile can be viewed at www.linkedin.com/in/robharbin. Email him at rharbin@cudefender.com and follow CUdefender on Twitter at www.twitter.com/CUdefender and Facebook at www.facebook.com/CUdefender