Three things to consider. By Kristen Keely Sponsored by D+H
Credit unions are perpetually faced with balancing regulatory requirements, remaining efficient to protect revenue, and satisfying growing consumer demands safely. Working every day with financial institution decision makers, I’ve seen this challenge force credit unions to make difficult, compromised and, often, delayed strategic technology decisions. Meanwhile, CUs’ competition is heating up, making the pressure to prioritize even greater. To respond adequately, credit unions need a data security strategy that is compliant, available 24/7, and meets business continuity objectives, while also responding rapidly and securely to member needs. First, examine your physical and information security measures. Data security involves much more than firewalls and antivirus programs to keep your institution and customers or members protected. Ask yourself, “Do I have the physical safeguards in place to keep my data protected from human and natural incursions?” Your security protocols checklist should include these safeguards: biometric scanning and a PIN for internal system entry; 24/7 recorded, onsite video surveillance; photo ID and security escort for all users; cages and locks for internal equipment; and a photo ID key card badge for employee access. Protection from cybercriminals is also imperative. The enhanced measures CUs need include 24/7 continued vulnerability management scans and alerts; 24/7 intrusion detection monitoring; multi-factor authentication; redundant firewalls; proactive patch and vulnerability management; and data encryption to protect sensitive data. Coordinating and managing these measures is often not easy for credit unions given the necessary investment in resources dedicated to one piece of the security puzzle. Fortunately, the right cloud-based security solution helps to integrate systems, and gives CU executives greater peace of mind. Next, develop a disaster recovery and business continuity plan that addresses both planned and unexpected system failures. Credit unions need proof that their data will be safe if an employee leaves; if a workstation becomes infected with malware and requires a restore; or in the event of a natural disaster. Safeguards should include geographically distant, redundant data centers; redundant power, cooling, and network connectivity at each data center; continuous replication between data centers; annual functional disaster recovery testing; private circuit connectivity; Internet-based backup connectivity; independent carrier feeds; and battery backup and diesel generators. Finally, minimize your risk by keeping sensitive information in a central place where it’s secured and audited. The “Where’s your data?” question can be incredibly daunting and may well have a long-winded answer without the right solution in place. With the mobile device explosion at an all-time high, data can be accessed and viewed virtually anywhere. Your strategy should be developed and operated in accordance with Federal Financial Institutions Examination Council guidelines; subject to multi-agency examination; and reviewed by third-party audit and security firms to ensure industry standards and regulations are more easily met. $55 million White House Federal Credit Union, Washington, D.C., moved all of its IT, data and applications to a cloud-based solution five years ago, getting the institution ahead of its data and its budget. Using the solution to integrate previously disparate systems allows the credit union to focus on its members instead of IT concerns, take control of its business needs and priorities, while gaining invaluable peace of mind. The right cloud solutions provide enterprise-level physical and information security, while promising business continuity and the best IT management the industry has to offer. Kristen Keely is a cloud solutions marketing manager at D+H with four years of experience in technology communications. At CUES’ School of IT Leadership, you’ll learn how to let market forces drive your CU’s technology. The event will be held Sept. 27-29 in Charleston, S.C. The team of experts at CUES Supplier member and strategic provider Cornerstone Advisors regularly help credit union assess their technology needs and set their technology strategies.