Operations

Build Up Security Policies and Budgets

Include the costs of security in your CU’s business plan and overall budget.

May 07, 2012
KEYWORDS budget , planning
/ PRINT / ShareShare / Text Size +

Knowing that your credit union is only as strong as its weakest link illustrates how important it is to have a strong security system in place.

A security breach can cost your credit union revenue, productivity, and member loyalty. Security problems can tarnish your reputation and result in a critical loss of funding.

Three CEOs describe here how their credit unions are being proactive—prioritizing security planning and protection to avoid security lapses.

Budget for top priorities

“Without adequate security policies and the willingness to invest in security, there isn’t a need for a business plan—we won’t be in business,” says Sterling Nielsen, president/CEO of $2.9 billion asset Mountain America Credit Union, West Jordan, Utah.

Mountain America stays up-to-date on best security practices and makes it a priority to implement them into its planning process. “Through that process,” says Nielsen, “the priorities are identified and the funds are budgeted to accomplish our security goals. We might not be able to complete our entire wish list, but we can budget funds for the highest priorities.

“One security oversight can destroy any trust our members have in us,” he adds. “Therefore, we go to great measures to secure our buildings, our networks, and our online services. The cost of protecting our networks is very high, but worth every penny.”

Mountain America has hired employees specifically trained in various aspects of security. It also has implemented employee training across the credit union and has enhanced its policies and procedures pertaining to security.

“Effective security is multifaceted—including security of the buildings, networks, online access, mobile access, member education, and other areas like social engineering,” says Nielsen. “But it’s easy to overlook social engineering—psychological manipulation of people you generally don’t see face-to-face in order to deceive them.

“This can be a significant security threat to credit unions, particularly as they grow and possibly become more vulnerable to scams like phishing, pharming, and other types of fraud.”

To pinpoint needed security improvements, he adds, you have to take a hard look at what you’re doing now. “For example, could a person pretending to be a phone company representative or a member of your information technology department talk his or her way into a sensitive area of your building?”

Updating security around social engineering includes several elements, Nielsen explains. Make sure staff don’t write down their passwords or place them where they can be found by others.

“We strive to maintain the trust of our members, but that doesn’t mean we should make online access easier than it should be,” he says. “If your online services are so convenient that your security is weak, you won’t be doing any of your members a favor.”

Next: Take prompt action as needed

Post a comment to this story

heroes

What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory (www.appreciationatwork.com/assess) will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive