Strategic partnership brings better cybersecurity compliance to credit unions

Regulatory compliance firm PolicyWorks and cybersecurity firm LMG Security join forces to help credit unions meet regulators’ cybersecurity priorities

To help credit unions comply with complex regulatory requirements governing cybersecurity, PolicyWorks and LMG Security have partnered. The alliance provides credit unions access to affordable, best-in-class cybersecurity solutions that evaluate cooperatives’ vulnerabilities.

“Protecting against cyber threats is an increasing focus for credit unions and regulatory agencies, including the NCUA,” said Justin Hupfer, CEO of PolicyWorks. The added regulatory scrutiny comes at a time of record-high incidents of cybersecurity attacks. The number of reported U.S. data breaches reached a new high in 2016, increasing by 40 percent from what was already the highest number on record in 2015.

“Cybersecurity management can seem complicated, and the increasing expectations daunting,” added Hupfer. “We want our credit union partners to know they don’t have to go it alone. Whether they have an existing cybersecurity compliance program in place or are starting from scratch, PolicyWorks and LMG Security can help.”

The partnership will provide credit unions with various cybersecurity packages to choose from, or they can access any service individually. Services include vulnerability scans, penetration tests, phishing tests, compliance assessments, policy templates and more.

“Financial institutions are an extremely appealing target, and hackers are exploiting weaknesses to maximize the damage,” said Sherri Davidoff, LMG founder and author of Network Forensics: Tracking Hackers Through Cyberspace. “Over the years, our research and publications have helped define best practices in cybersecurity, and we continue to help financial institutions evaluate their security measures and build strong, efficient cybersecurity programs.”

Among the compliance activities the partnership will immediately provide credit unions is completion of the Cybersecurity Assessment Tool (CAT). Recently released by the Federal Financial Institutions Examination Council (FFIEC), the CAT was built to help financial institutions identify risks and determine cybersecurity preparedness.

“Credit unions are facing something of a time crunch with their CAT plans because they are encouraged to complete the assessment yet this year,” said Cindy Williams, vice president of regulatory compliance for PolicyWorks, who also said it was important to note this is not a mandate. Rather, the NCUA has said the CAT will be part of an enhanced exam focus for 2017.

Madison Iler, director of compliance and advisory Services at LMG Security said: “At LMG, we excel at meeting our clients where they are at today. Many credit unions feel overwhelmed by the amount of cybersecurity precautions they’re being pushed to take. LMG Security is here to guide and prioritize those steps; whether this is uncharted territory or simply re-evaluating current procedures.”

LMG Security staff are also experienced in assessments using the NIST Cybersecurity Framework, which is mapped to the FFIEC CAT and provides a logical, organized set of security controls credit unions can use to establish or refine cybersecurity programs. In addition, LMG staff are experts at conducting internal and external penetration testing, as well as social engineering tests to help credit union staff resist phone scams and phishing attacks, which are the most popular delivery vehicles for ransomware and other malware.

“Our job is to make cybersecurity as simple as possible for credit unions, so that they can focus on serving their members and communities,” said Davidoff. “We like to say, ‘We make nothing happen.’ That means helping credit unions minimize the risk of viruses and data breaches, and reduce the time they spend on cybersecurity and compliance. We work hard at our job, so that you can focus on yours.”

About LMG Security

LMG staff are leaders in the cybersecurity industry. They publish game-changing research and strive every day to push the boundaries of current cybersecurity knowledge. The firm’s compliance and advisory services experts work closely with organizations to meet regulatory requirements and set forth strategic compliance plans. LMG operates a thriving practice with diverse clients located around the United States and internationally. To learn more, visit

More News