Cyber Hygiene: Five Practices Every Credit Union Should Implement
It’s not a question of if, but when, any business, including a credit union, will experience a breach or other cybersecurity threat.
“Everyone is a target,” said Scott Alldridge, CEO, IP Services, during a breakout at the Northwest Credit Union Association’s MAXX Convention, noting that financial services providers may be even more attractive targets for hackers.
Alldridge noted that businesses are spending a lot of money on cybersecurity but not solving the problem, so in addition to budgeting, he offered “people and process” solutions to credit unions. He quoted research showing 93% of all breaches or cyber threats could be prevented if the targets engaged in five key practices:
- Ongoing security awareness training. Don’t just offer it, Alldridge said. Follow up on it. If businesses train their employees not to click on suspect emails or phishing scams and they click anyway, block them from access to their computers until they’ve completed another training session.
- A measurable and effective patch management program. Regularly scheduled reviews should occur, Alldridge said, including reviews of vendors’ systems.
- Regular internal and external vulnerability scanning. Such tests used to occur annually, then quarterly, then monthly, but as cybersecurity threats have become more of a norm, Alldridge recommends weekly reviews.
- A well-managed security information and event management (SIEM) program with curation. IP Services recommends that its clients review logs and identify patterns. If someone is repeatedly trying to log onto a location where they should not have access, for example, that may be a sign they are attempting a hack.
- Ongoing reviews of perimeter security, with an effective change management process.
Editor’s note: Strategic Link partner IP Services is more than a consulting business; it is a long-term partner for NWCUA member credit unions needing ongoing cybersecurity processes and best practices. Contact Jason Smith, NWCUA Vice President, Strategic Resources, to make a connection with the IP Services team.