What’s wrong with how credit union’s have deployed IT security

There was a time in my career as the VP/IT at a large credit union where each time a new “threat” came out I was asked to write a policy or find a technology to mitigate the threat.  First came internet threats so we get a firewall, then came virus/Trojans so we bought anti-virus software and later came data leaks so we purchased data loss prevention tools (DLP).  The acronyms are as endless as the number of tools/strategies credit union’s have protecting the infrastructure  – DMZ, IDS, IPS, etc. When it comes to IT Security strategies, its my opinion that this can expose your credit union to unnecessary threats/risks.  Not so much because they won’t get the job done – there is just too much to keep a strong handle (monitoring, patching, etc.) on at all times!

At a recent Ongoing Operations Client Advisory board meeting several of our Credit Union CTO/CIO’s mentioned the challenges they were having maintaining and meeting NCUA compliance.  One $500m credit union mentioned that despite a large Technology team, they were spending 8

continue reading »