Think you can put off data security compliance to stretch a limited operating budget? Think again. Regulators are becoming more insistent that credit unions not only comply with federal and state financial regulations, but also with minimum standards for data handling and protection.
“Regulators are pushing data leakage prevention, where credit unions are required to know where all of their sensitive data is stored and who has access to it, and tracking when it goes out and where it goes,” says Kevin Prince, chief technology officer (CTO) at Perimeter e-Security.
The National Credit Union Administration (NCUA) is making sure credit unions have implemented firewalls, antivirus software, and intrusion protection, says Jim Stickley, CTO at TraceSecurity. “The current emphasis is on multifactor online banking protection, where you throw up more challenges to people coming in online. This includes asking for identification and answers to personal questions, or requiring visitors to have a certain cookie embedded in their computers.”
Another new emphasis, says Stickley, is vendor management—an outgrowth of regulators’ concerns with identity (ID) and data theft. For example, say Credit Union X has third-party data storage, which gives the vendor full access to confidential information. How does the credit union protect that data? The answer is to conduct due diligence on those vendors.
“The problem is that most credit unions are small operations that might have one person doing all information technology (IT) tasks—from data storage and server maintenance to replacing toner cartridges in the printers,” Stickley says. “That’s why we offer VendorTrack, a vendor management service, in conjunction with CUNA Strategic Services.”