By Turner, Warren, Hwang & Conrad
Tackling cyber-security has become part of every credit union’s list of ongoing initiatives. With new threats emerging every day, members can become numb to the shock of having their data compromised. However, it is still important that data losses not be traced to the credit union’s own lack of controls.
Understanding how well your credit union is combating cyber-crime can be a daunting task for management and supervisory committees. At minimum, the supervisory committee should require annual information technology audits to be completed and presented to them. The committee should select the auditor that will complete this work, and that auditor should present the report to the committee. This will open up a dialogue between the auditor and the committee to help explain the risks that were uncovered and how these risks can be mitigated.
In addition to the audit, the committee and management should determine if the credit union’s IT department is following any standards or controls to mitigate cyber-security risks. The Center for Internet Security (CIS) is a widely accepted organization that has developed control standards with input from the international IT community. These control standards have been vetted and benchmarked, building on lessons learned from real-life attacks, with solutions that resulted in averting further damage.
CIS has drawn on five philosophies to create a more granular set of 20 critical security controls (CSC). The five philosophies are as follows:
The more granular set of 20 critical security standards developed with these philosophies is prioritized below. These steps can help IT professionals and organizations in general recognize the most effective order for investing their time and resources. Interestingly, not all of these controls have a big price tag associated with them, although they all require diligence on the part of the IT department.
It is important to note that the independent testing performed by outside auditors is last on this list of 20 CSCs. Ensuring even the first five of these controls are covered will help reduce the chance of successful cyber-crimes against your organization. However, this is version five of these critical controls, and it is clear there will be future revisions coming as technology and cyber-security continue to evolve.
Checking to see how many of these CSCs are implemented at your credit union will give you an idea of the level of security in place and where improvements can be made to keep your members and their information well protected.
Kian Moshirzadeh has been in banking since 1988 and joined TWHC in 1993 where he started his career as a credit union auditor. Since that time, he has worked with hundreds of credit unions helping them with audits and consulting engagements. Today, Moshirzadeh is the managing partner of TWHC and continues to work with credit unions and financial institutions exclusively.
Turner, Warren, Hwang & Conrad AC is a service-oriented tax, accounting, and business consulting firm headquartered in Burbank, CA. Individuals, small businesses, credit unions, and financial institutions choose us for their tax preparation, audit, and financial consulting needs because of the dedicated personal service they receive. Learn more at www.twhc.com.
This sponsored content article is provided to the credit union community for shared insights and knowledge from a recognized solutions provider in the industry. Please note that the views and opinions offered here do not reflect those of Callahan & Associates, and Callahan does not endorse vendors or the solutions they offer.
May 4, 2015