Should it stay or should it go?

Working from home adds to the importance of securing the data pipeline. Leaders must now consider what data to keep, what data to destroy, and when to destroy it.

Core processing systems handle a vast volume of data each and every day. Credit unions have to store that data somewhere, and the pandemic has made securing such confidential information more complicated.

The rush to remote working for thousands of credit union staffers who work with and otherwise have access to that treasure trove of information has increased what experts call the “attack surface” for hackers. It’s also made now a good time for financial cooperatives to think about what they’re keeping and how long they keep it.

“Cyber-threat activity related to COVID-19 has become its own pandemic,” says Jason Sharabani, manager of internal audit and compliance for the past nine years at Member Driven Technologies, a suburban Detroit CUSO that hosts the Symitar Episys platform and multiple other solutions for more than 100 credit unions across the country. With the boundaries between what’s inside an organization’s firewall and what’s outside becoming less and less obvious, an organization’s attack surface now extends to the outer reaches of the internet, including employees’ homes.

That reality adds urgency to reviewing what must stay and what can go with an eye toward shifting away from the “keep everything” philosophy that drives storage practices at many cooperatives.

 

continue reading »