How to make sure hackers can successfully steal your credit union data

by Ongoing Operations

by. Robin Remines

It wasn’t long ago when I was responsible for ensuring the integrity of a large credit union’s infrastructure – three years and five months to be exact.  For roughly 13 years, I had the honor of leading an IT department and saw Y2K, core conversions and even a headquarters relocation! Before I accepted the job however,  I recall interviewing and wondering if the technology in a “bank” (gasp!) would hold my interest very long. What a shock I was in for! The pace of the financial industry combined with the exponential growth of technology solutions was a self proclaimed nerd’s paradise. But then somewhere along the early 90′s security took a turn from being solely a physical threat to an electronic threat. I didn’t know it then, but first generation firewalls, “home banking” and anti-virus were but humble beginnings to the vast cyber presence we see in today’s credit unions.  With the electronic flood gates open, the work to protect the credit union infrastructure never ceased and “protecting” the credit union data quickly overtook any other priority. But there was one problem, you couldn’t keep up – the bad guys NEVER sleep! And their methods were always changing. There are many ways to successfully thwart today’s cyber threats but today we will look at how to FAIL at protecting  your credit union!

In no specific order:

1) Developing a policy for every new threat – I was asked to develop a camera phone policy once and I tried to do it, I really did. But it didn’t make sense because then I would have to write a pen camera policy or perhaps a keychain camera policy (Ok, I exaggerate but I think you may see my point). These are behavioral issues – you DO NOT STEAL credit union data. Not by phone, not by paper, not by camera. Beef up your ethics policy and make it stick.

2) Overdosing on acronyms – AVP (anti-virus protection), IPS (Intrusion Prevention System), IDS (Intrusion Detection System) to name a few. Again, how many plugs can you put in the dike before the entire thing breaks. Credit union s must step back and take a more holistic approach to cyber security and invest in technologies that protect against the “behaviors” – electronic access to your data!

3) Go it alone – I can relate to this. I love technology and I have to admit that when there was a crisis is when the adrenaline really kicked in and it was man against machine. I liked to “do it myself and proudly stated many times that we were “in-house” and did our own thing”. But the reality is that today’s IT departments are turning into generalists because they are tasked with too many responsibilities and not enough resources.  Knowing when to “right-source” and partner with outside experts is key to successfully protecting your credit union data.

continue reading »

Featured