Part 1: An executive’s 3-point checklist for cybersecurity

Cybersecurity is a vast and technical topic. There’s so much buzz in the market that it can be an intimidating subject to discuss. Understandably, executives tend to delegate discussions on this topic to their very capable technical teams. However, since regulators are holding C-suites and Boards of Directors accountable for cyber safety and soundness, our goal is to help educate everyone on the cyber threat landscape. This includes what credit unions will want to look for in their security programs, and the questions to ask their teams.

To begin, let’s define what a data breach is. According to the National Institute of Standards and Technology, a breach is “the release of sensitive, protected, or confidential information to an untrusted environment.” These are the things that your team attempts to prevent, resolve, and control.

In the unfortunate circumstance that a breach does occur, there are laws governing who must be notified, in what manner, and when. Federal and state laws are too complex to review in this single blog, but they should still be reviewed with a well-informed cybersecurity counsel. To head off a crisis, the National Conference of State Legislatures and the National Credit Union Administration (NUCA) are two good resources to consult to confirm breach notification laws in your state.

 

continue reading »