2023 Credit Union Cybersecurity Predictions

Written by

 

As technology advances, so does the need for heightened credit union cybersecurity measures. When it comes to cybersecurity, credit unions must stay up to date with the latest threats in order to keep their members safe and secure.

As the world of technology continues to evolve, so do the challenges of keeping our data secure. Credit unions in particular face a unique set of cybersecurity threats that must be anticipated and prepared for. We will discuss how credit unions can leverage digital transformation to protect themselves and their members from malicious cyberattacks as well as explore emerging technologies that may be used to combat potential threats.

In this article, we will take a look at what experts predict are some of the major credit union cybersecurity predictions for 2023.

Credit Union Cybersecurity Will Be a Top Risk Management Concern

According to a recent NCUA article, the top 4 risk factors affecting the financial industry in 2023 include interest rate risk, liquidity risk due to inflation concerns, credit risk due to housing and loan market concerns, and cybersecurity risks due to geopolitical issues and growing dynamic threats.

In July 2022, NCUA approved a rule that requires credit unions to notify NCUA no later than 72 hours after they reasonably believe a reportable cyber incident has occurred. They have created and optimized their ACET (Automated Cybersecurity Evaluation Toolbox) and offer many free resources and checklists to credit unions aiming to adjust and evaluate risk management concerns for the new year.

“Passwordless” Solutions Are at the Forefront of Financial Cybersecurity Solutions

“Passwordless” solutions like MFA (multi-factor authentication) will continue to be a powerful tool in every credit union’s cybersecurity best practices toolkit. As the use of cloud computing and hybrid work and customer service solutions rises, so does the need to ensure all data, no matter where it is stored or sent, is protected by more than a password.

Password auto-fill options like the Google Smart Lock system continue to be popular in both personal and professional settings, and that can create rifts in security. But with MFA, those rifts can often be closed or avoided completely due to the hacker’s need to have more access and devices in order to complete the authentication process.

Because apps and cloud usage have exponentially expanded the attack surface for credit unions, these new technologies require advanced solutions that look much different than the ones that previously governed in-house servers and networks.

Phishing & Email Attacks Among Top Cybersecurity Threats for 2023

A recent article from Forbes outlines the top 5 scams that businesses should be watching for in 2023. They include:

  • Business email compromise (BEC): this includes the use of fake email accounts to harbor or spread threatening software and includes phishing attempts, ransomware, and more.
  • Malware and Ransomware: due to the current geopolitical climate surrounding the conflict between Ukraine and Russia, many political cybersecurity experts believe Russia will use its resources to continue launching ransomware attacks against those governments and entities that do not agree with its current political agenda.
  • Crypto Scams and “pig butchering” scams: Named for the phrase “raising a pig for slaughter,” these attacks start with a friendly message that entices the recipient to create an online relationship with the sender (hacker). As that trust grows, the hacker will then start questioning the recipient about their interests in crypto in an effort to get them to buy into a website that is reputed to have made someone a lot of money, only for that crypto to be stolen from the recipient’s accounts.
  • Cybercrime cash-out process innovation: This is an evolving scam that started with hackers and bad actors asking unsuspecting and uneducated individuals to send gift cards or cryptocurrency in an effort to get around the “cash-out,” where payments that surpass $10,000 and other high-value transactions can be tracked and flagged for suspicious activity.
  • Scamming as a Service: Virtual marketplaces in underground websites are creating and selling end-to-end services that “enable low-skill threat actors to fill their carts and pay with crypto,” Forbes says. These services include full sets of stolen credentials, ready-to-deploy ransomware, phishing, other attacks, and more. Even the bad guys love a good package deal.

Multi-Year Strategic Plans Work Best for Cybersecurity Success

Because cybersecurity threats are ever-changing, credit union and financial industry leaders must be prepared to put their money and their time into multi-year strategic plans. Cybersecurity is a complex beast, and everything and everyone that interacts with a network can create potential threat opportunities.

A mix of internal and external threats are often already beginning to make their way through secure areas, files, and devices throughout the year, and an improvement in key performance metrics, like a decrease in ransomware or phishing attempts, is no reason to ease off or to decrease your institution’s budget for cybersecurity personnel, services, and software.

Organizations with Cybersecurity Network Architecture Will Reduce Financial Security Costs By 90%

Does that sound too good to be true? It’s a certainty by 2024, according to Gartner’s cybersecurity predictions for 2023-2025. Those organizations that switch to a more holistic cybersecurity approach that encompasses not just their devices and network, but all technology that has access to or is integrated with it, are expected to see a 90% reduction in the final costs of security incidents.

Credit union cybersecurity threats are serious and should be caught early to minimize damage and data theft. That’s why IMS offers Polaris Radar, an anomaly detection software that enables your system to recover more quickly and easily from an attack on your credit union network security. Don’t get caught unawares, especially when your members’ personal and financial information may hang in the balance.

National Cybersecurity Awareness Month 2022: 4 Major Takeaways

Written by

 

October was National Cybersecurity Awareness Month, and we wanted to share some of our favorite insights we found throughout October. The importance of cybersecurity should include several focus areas.

Your network health and security should be a priority all year. As threats evolve and emerge, so should your cybersecurity strategies. It’s easy to feel overwhelmed about the state of your credit union’s security, but there are so many tools and experts ready to elevate your networks and provide you with powerful solutions.

The Human Element is Paramount

The theme for the 2022 National Cybersecurity Awareness Month is “See Yourself in Cyber,” which focuses on the human element of cybersecurity strategy. Because you can have the best protection and tools for your network, but more than 90% of cyberattacks are initiated (usually unintentionally) by human error.

From tellers to your CEO, and IT professionals to branch managers, the human element of cybersecurity is made up of everyone using your networks. And because credit unions are responsible for holding the life savings and other monetary assets of their members, it’s important to have all your employees trained on the most up-to-date cybersecurity practices.

Teaching your employees about the importance of cybersecurity includes showing them how to secure their everyday operations (with passwords, multifactor authentication, logging off computers instead of leaving them running or unlocked, etc.), how to recognize malicious content, emails, and more, as well as informing them how to report and react to cybersecurity breaches when they occur.

Learn about Your Members’ Habits, & Correct Them If Necessary

“Think before you click” is another way to underscore the importance of cybersecurity, especially after National Cybersecurity Awareness Month. It’s a catchy phrase that packs a punch.

Many of your members are using their credit union information in third-party payment apps and on a host of diverse retail websites. The current “Tiktok made me buy it” trends have sparked innumerable spam accounts that are pretending to carry products that have gotten popular on social media and other platforms.

Your employees and members aren’t IT experts, but you can give them the tools to help recognize when and where they should be sharing credit union account information, or personal information in general.

Check to ensure that websites are PCI compliant, and teach your members how to recognize warning signs and scam accounts, emails, and sites.

Passwords, Passwords, Passwords

Weak passwords are often the downfall of an individual or credit union network. Sharing passwords, keeping them taped to your computer monitor at work or at home – we’re all tired of changing our passwords and finding out that we need uppercase, lowercase, special character, and minimum character length requirements.

But all these elements underscore the importance of cybersecurity: it’s in the details. Strong passwords are a great primary line of defense for several reasons. When you add each of these infuriating characteristics to your passwords, it would take a hacker nearly two decades to figure out what it is and leverage your data and networks in their favor. With that kind of security, it makes the hassle of creating these complex passwords worth it.

Update Your Software

The cyber threat landscape is always changing, and your software should be updated to keep up with those changes.

Cyber attacks aren’t growing because people refuse to put safeguards in place, they’re growing because more people than ever are carrying out core business and personal functions completely online, and the tools you had in place last year or even last month are already being circumvented by the latest threats.

Many credit unions (and businesses in general) hate losing productivity to time-consuming updates, but the importance of cybersecurity often lies most heavily in the preparation, not the reaction.

Here are a few tips:

  • Try to schedule disruptive or in-depth updates for downtime – stay away from business hours if possible.
  • Remind your team and your members early and often if you have updates that will render parts of your system unavailable for any amount of time.
  • if possible, turn on automatic updates – this prevents you and your employees from missing or skipping an important software patch or update.
  • Evaluate your software regularly – are there other products that could do things better or more efficiently? Look into them or create a review program to ensure your current solutions are the best solutions for your credit union.
  • Listen to IT department recommendations – costly mistakes can be made if you dismiss your resident cybersecurity experts. They’re not being alarmist, they’re telling you what will happen if you don’t take preventative action.

It’s Not “If,” It’s “When” – Why Your CU Needs Cloud-based Backups

Automated and unattended, IMS’s Rubrik backup solutions allow you to prepare for the worst without co-opting crucial hours of your management and IT teams’ time. Securing your data when there is a breach or data loss incident can be quick and easy.

IMS Rubrik includes backup and recovery, continuous data protection, ransomware recovery, replication and disaster recovery, virtualized environments, as well as Windows and Unix protection.

Reach out to us today to learn more about our solutions and the importance of cybersecurity. 

Ransomware Concerns: Why You Should Be Fixing Data Management Problems

Written by

 

Ransomware concerns are often categorized as cybersecurity issues rather than a result of data management problems. But there are emerging insights from the cybersecurity industry that underscore the importance of data management and other proactive technology programs and software in the fight against ransomware threats.

Here’s why you should be using data management to combat ransomware threats.

The Cost of a Ransomware Attack Is More Than Just the Ransom

Ransomware costs businesses more in the resulting downtime than it does in the ransom payment, according to TechCrunch.

Downtime causes a ripple effect that can be felt throughout your organization. From incident response measures to legal fees and support, not to mention the impact to customer experience, downtime caused by ransomware can get pricey fast.

Depending on the size of your business, that ransom amount can also be quite high. Your data management problems are only exacerbated by a successful ransomware attack.

Credit unions and other financial institutions are seeing a huge uptick in ransomware attacks, and that trend doesn’t look like it will slow down anytime soon.

IMS can help set you up for success and save up to 80% of primary storage costs, leaving you with more capital to run your business.

Good Data Management Is Always Learning

If your credit union were a smart house, data management is the technology that runs all your settings and cycles. Imagine your smart thermostat, for a moment. You can set it to learn how you manage your home’s temperature throughout the day. Pretty soon, the system will use these patterns to create a schedule that best fits your usage.

That’s how IMS’s machine learning works with your data. The software learns how your credit union employees and executives use data and where it travels, and it will notice when things go off track, like when someone tries to hack into your servers or gain access to sensitive data without authorization.

As your data management problems emerge, your IMS software can help you navigate to the most comprehensive solutions through compliance and data discovery tools.

Don’t Forget about the Big Picture

Your data is likely housed across physical servers, cloud systems, and other legacy processes. But because these fragmented processes can’t give you a good idea of how much data you have, or what it looks like in its entirety, you are setting your credit union up for failure.

To continue the house analogy: imagine you are at home, and a fire breaks out. When you submit your losses to your home insurance, you also submit photo and video evidence of your assets that were in the home – televisions, gaming systems, children’s toys, clothes, furniture, kitchen appliances, etc. Your insurance company then cuts you a check for your loss of those items.

If you don’t have this big picture view of your home, you may miss important things that were lost.

Your credit union data is the same. If you have no concept of the scope of your data, where it is, and how much exists, ransomware attackers can steal and corrupt files that are crucial to your credit union operations, but that you didn’t realize were missing until much later. Data management problems often require looking at specific data items and areas, but also need the context of your big picture data usage and storage to use as a framework or blueprint.

Visibility and pattern analysis (like those solutions offered through IMS Data Discovery) can show you what’s happening in every part of your data management system. Once you have this framework, you can see how your data is being used, who is using it, and when. And with machine learning, those patterns we talked about earlier – and any disruptions that happen within them – are easily traceable and visible.

The Role of Data Backup & Recovery

Preventing attacks should be at the top of the list of ransomware concerns. Much like driving a car or keeping your house locked, it’s easier to use defensive tactics to prevent issues, rather than to wait until the issues arise to address them. Even so, your credit union data is still likely going to be targeted by bad actors, and that means your reaction to an attack has to be as stronger or stronger than your attempts at prevention were.

Two important pieces of pulling yourself out of data management problems include data backup and disaster recovery.

Because ransomware often targets the data that will halt operations and cripple your credit union’s business, your data backups need to be housed safely, and at least one copy should – by best practice – be housed offsite.

And disaster recovery is your failsafe. Once the cybersecurity walls have been breached, disaster recovery is your most important next step.

Ransomware cripples people and businesses by leveraging the lifeblood of their operations – digital data. If you don’t set up ways to get that data back without going through the hackers, your credit union could face huge issues, up to and including the shutdown of your business operations.

Invest in the Best Credit Union Data Management Solutions

Data management problems require multi-faceted solutions. And IMS is your guide for cohesive and comprehensive data management strategies that fit your credit union.

For those looking to increase your effectiveness at preparing for and preventing ransomware incidents, IMS offers Anomaly Detection through a technology called Polaris Radar. You’ll be able to recover faster while increasing your system’s intelligence. See how your data moves and changes and let Polaris Radar use machine learning to detect and alert you of anomalous behavior. 

Cybersecurity Best Practices for Credit Union Lending

Written by

 

Your credit union members are likely more worried about making sound and safe financial decisions, especially as housing and living costs rise with an unprecedented hike in inflation. In the last several decades, these costs have quadrupled in most areas of the country, while wages have yet to even double. That means your members and prospective members are looking for smart and secure lending options.

July through September is the peak lending season for most financial institutions, and you don’t want to alienate prospects by employing less-than-optimal lending cybersecurity.

There are several ways to incorporate cybersecurity into your credit union lending process and practices.

Start with a Good Foundation – Or Build It

Large, for-profit banks are the only organizations in the financial sector that can afford to create a proprietary system for loan processes. The rest of us, including your credit union, must rely on strategic planning, and smart tools.

Lending cybersecurity, like cybersecurity in other high-risk industries, can’t successfully rely on DIY programs to create a solid digital wall of protection around networks and systems within it.

Your cybersecurity program should have all-encompassing strategies, not just piecemeal solutions. Think of it this way: while you can build a boat with several hundred pieces of wood or metal and create a strong enough hull for the boat to float, you’ve now got hundreds of seams and potential cracks just waiting to be breached. Whereas, if you create the hull using something more akin to one seamless piece, your chances of water seeping in are much lower.

A good foundation includes things like reviewing your current digital landscape and cybersecurity. The first step is looking for potential security gaps. These gaps can be interwoven throughout this landscape: in data collection, storage, and encryption protocols as well as third-party vendor interfaces, mobile apps and platforms, servers, cameras, social media accounts, and more.

These things need to be audited regularly, starting from the first days of your newly integrated systems.

Simplicity is Key – But There’s a Limit

Lending cybersecurity mainly relies on the implementation of practices, education, and technology solutions that minimize the risk of a cyberattack. If you have fewer holes in your systems, that a hacker will find a way through them is going to be much smaller.

That’s why simplicity in your lending practices and tasks is key. The loan process is complicated by nature, but the more seamless you can make it for your members and your staff, the better the outcome will be.

User error is often touted as one of the most common causes of data breaches. The goal of your loan programs and the steps you employ to carry them out should be to create a user-friendly experience without skimping on network security and other precautionary measures.

For example, employing multi-factor authentication in parts of your data and lending information collection process is inherently more complicated than single-factor authentication, but you are trading safety for convenience. Two-factor authentication is still the best choice when it comes to collecting and storing lending data.

Finding the balance between “easy-to-use” and “optimal protection” should be the simple target you aim for in credit union lending cybersecurity.

Here’s a great article from Medium about cybersecurity in the mortgage process. It goes into more detail about how complexity is the “worst enemy of security.”

Automating Compliance Increases Lending Cybersecurity

Lending cybersecurity is not the only way to protect your credit union loan processes. In fact, much like the risks for cyberattacks have increased, lending compliance issues are also on the rise.

Because compliance is crucial to the efficacy of your credit union, maintaining that credibility should always be a top priority regardless of whether your credit union is growing, merging, or simply focused on optimizing current business operations.

There are several benefits to automating your compliance tasks. Automation is primarily used to ensure that there is no impact to normal operations and production. There is also no learning curve – compliance automation means machine learning drives for you – it is constantly improving and identifying potential violations of internal compliance policies by tracking sensitive data nd where it goes.

By automating your compliance processes with tools and software like IMS’s Polaris Sonar, you can quickly reduce sensitive data exposure without having to add to your current infrastructure or allot employee time towards completing these tasks.

Anomaly Detection – Recover Faster

Cyberattacks on financial institutions are inevitable – your credit union holds a wealth of assets and hackers are always looking for ways to exploit your security systems to take some of those assets for themselves.

And with ransomware on the rise, it’s important to implement the most effective strategy for recognizing ransomware attacks early and defending against them.

IMS has anomaly detection solutions with Polaris Radar to track your data changes over time, replace manual recoveries for minimal business disruption, and increase intelligence with machine learning.

Make sure your credit union lending and all financial data is never used against you for ransom. Learn more about partnering with IMS today by requesting a consultation.

Data Security Best Practices for Credit Unions

Written by

 

Credit unions often serve some of the most vulnerable businesses in their communities. About 50% of small businesses that have a data breach in their operations will close permanently in the following 6 months. While credit unions may not fold so easily in the midst of a cyberattack, it’s still important to have excellent data protection protocols and contingency plans in the event that your data is hacked or compromised, and it’s not just for the benefit of your IT managers. Adopting credit union data security best practices can curb the risks associated with the storage and curation of sensitive customer data.

Data security is an ever-evolving and often underestimated superpower in the financial world. There are many great ways to improve your data security. 

Barriers to Entry and Enhancement

Protecting your data, while always a worthy investment, is often very expensive, especially for smaller institutions. Onsite data protection is a great start, but the events of 2020 have also shed light on the many business’s shortcomings in the online data security arena. Without proper training and monitoring, employees can also easily perform unsafe data handling. As email scammers and hackers get more creative, the chances you or your business will be a victim of a cyberattack only grows.

Recognize potential threats

The first thing you should do is check your weak spots: gather a list of information that is most valuable to scammers. Knowing what the high-risk data is, and where it’s stored, is half the battle, as they say. Creating protocols and programs that scan for these valuable tidbits is a great way to pull this information together quickly and precisely.

Potential threats can also include older technology, like employees who leave login credentials or other access information somewhere easily accessible or noticed. Just because it’s not stored in a sophisticated and expensive device doesn’t mean it can’t be used to wreak havoc on your business.

Put Your Guard Up

Once you’ve identified your top targets, it’s time to reinforce them. Encryption is a common tool for protecting sensitive information, and it can be used on many fronts. Leverage tools like the ACET to set standards and controls that install safeguards against bad actors on your systems.

Diversify your approach using malware defenses, continuous monitoring systems, employee procedures, and the like. Your outside vendors are also common entry points for cyberattackers. Make sure your protections extend to these dealings as well. 

Don’t forget to test your systems. Remember school tornado drills? It’s wise to practice these protocols in a controlled environment to be sure your institution is prepared for the real deal.

Conclusion

Credit union data security is an industry that evolves at breakneck speeds. A system that worked perfectly last year could leave dangerous gaps in your cybersecurity offerings this year and it is wise to keep an eye on new trends both in cybercrime and in the tools industry leaders are using to mitigate the risks.

Cybersecurity maintenance is a continuous and all-encompassing endeavor. Contact us for help, we can protect your data and meet your cybersecurity needs.

Using IaaS to Grow Your Business

Written by

Infrastructure as a Service (IaaS) is an instant cloud computing infrastructure provisioned over the internet. In an IaaS model, a cloud provider hosts the infrastructure components that’s normally present in an on-site data center, including servers, storage and networking hardware. 

IaaS provides a range of services to accompany infrastructure components, such as billing, monitoring, security, backup and recovery. These services are policy-driven, allowing users to automate and orchestrate important tasks. In general, credit unions benefit from IaaS because they don’t have to maintain the hardware, networking or maintenance involved with physical assets like servers and data centers.

For many credit unions, especially small and medium-sized institutions, IaaS is an affordable, high-performing tool that keeps costs low. Managing IT resources on-premise can be cost-prohibitive, so IaaS makes you more competitive with larger companies.

Here’s what IaaS can do:

  • Enhance business continuity by maintaining access to your applications and data during a disaster or outage. Organizations are better equipped to handle unpredictable and growing storage needs, especially for the management of backup and recovery systems.
  • Accommodate specifications on-demand. Teams can quickly set up and dismantle test and development environments, expediting the process to bring new applications to market. Essentially, it’s easier to scale up development-test environments with IaaS. 
  • Increase stability, reliability and support on an ongoing basis without having to upgrade software or troubleshoot equipment.
  • Support new Software as a Service (SaaS) applications for call centers, customer portals and e-commerce solutions – anything that makes it easier and more efficient to do business. 

Advantages

Powered by VMware vCloud technology and accessed through vCloud Director, the IMS cloud is designed to support development, testing, disaster recovery and production.

We offer a self-service, enterprise-grade cloud IaaS solution for your specific needs. Our latest offering reduces capital expenses by eliminating upfront costs that comes with setup and ongoing maintenance. The IMS pay-as-you-go model allows you to pay for only the components you need. 

We invite you to make the most of your virtual data center and optimize cloud costs. Contact us when you’re ready to free up your team to focus on growing your credit union.

Protect Data When Working from Home

Written by

With so many people working from home during this time, virtual desktops have become the norm for credit unions today. Remote connections provide workers with the ability to access data at home, on the road or a remote office. However, the increase in remote work has also led to an increase in cyberattacks. As end-user applications are evolving, so are the techniques bad actors are using to attack your data system. 

Credit unions should ensure they have the proper security protocols in place to stay safe. There are multiple vulnerabilities where remote desktops are exposed to malware attacks, including email and user-installed applications. Attackers like to gain control over a personal and work laptop and impersonate the user.

Additionally, there may be logistical challenges with assessing hardware needs, privacy and managing multiple devices. But, adopting the right security practices will protect data across all endpoints. Taking a comprehensive approach to security will allow you to easily manage the status of these areas.

Since employees are connecting to your system through a corporate virtual desktop infrastructure (VDI), it’s important to have security solutions in place to work across different platforms. Everything from transferring data to personal devices to using unsecured networks are common mistakes employees make when working from home. Here are a few things to keep an eye on with your team:

  • Using an insecure network. It’s possible employees are using home networks that are less secure compared to being at the office with WiFi acting as the biggest offender. That’s why your credit union should use a secure, virtual desktop environment to access sensitive information and apps. 
  • Transferring data to personal devices. Your credit union may have issued workers with a company laptop but your team may also be using a personal computer to work. It’s not uncommon for employees to move documents from work computers to a home computer, smart device or personal cloud service for ease of use. Unfortunately, the security mechanisms in place are far less secure than a business laptop or a VDI. 
  • Sharing access credentials. Bottlenecks often occur when one employee has to wait for another colleague to complete a task. To expedite the process they might share their login credentials to an application or database so their colleague can access what’s needed and reduce that bottleneck. Not only is this an unapproved action it becomes problematic when done over an insecure network. 
  • Inadvertently sharing private information with friends. While teams have transitioned to hosting meetings via video chat and using social media as an outline to stay connected, workers may be leaking sensitive information without knowing it. This may be leaving a comment on Facebook about what it’s like working from home, taking a photo or video of your home office or displaying a computer setup. These are all risk factors to causing data leaks.

To avoid these pitfalls, your IT team should implement additional security controls and set up guidelines on what to install, download or share to avoid security breaches when working from home. They should also retrain staff on the most appropriate ways to handle sensitive information. Performing continuous security testing will reduce the possibility of malicious attacks on your system.

Financial institutions are always a target for cyber attacks, so it’s critical you identify any vulnerabilities. The most effective thing to do is enable our private cloud to deliver easily managed services. IMS provides a complete virtual workspace that allows your credit union to rapidly transform desktops and applications to users on any device, anywhere in a secure way.

Leveraging the ACET to Advance Cybersecurity

Written by

 

People choose credit unions because of their customer service, accessibility and focus on its members. Credit unions instill a sense of trust and loyalty by creating customer-friendly relationships and ensuring members their money is safe. To nurture that trust, it’s essential for you to do everything possible to keep information safe. 

Examining protections and operations

Credits unions are still financial institutions that must have the same protections as any bank. In setting standards and controls to install safeguards against bad actors, more credit unions are embracing the Automated Cybersecurity Examination Tool (ACET), provided by the National Credit Union Administration. The ACET assesses how each institution prevents and prepares for cyberattacks and threats through a standardized examination of nearly 500 questions and 200 documents required for submission. 

Based on the Federal Financial Institutions Examination Council’s (FFIEC) Cybersecurity Assessment Tool, the ACET improves and standardizes how the NCUA supervises cybersecurity for all federally-insured credit unions on a rolling basis. It basically helps determine a credit union’s exposure to risk by identifying the type and complexity of operations, as well as the level of risk and corresponding controls. The ranking ranges from baseline to innovative.

Last year, NCUA used the ACET to assess credit unions with more than $250 million in assets and will continue to deploy an updated version this year for credit unions with assets over $100 million. Ultimately, the exam will be scaled to the size and risk profile of the financial institution. Starting in 2022, maturity assessments will be done once every four years.

Improving the maturity of your cybersecurity

A lot of attention has been focused on how to prepare for the assessment, but your team should also be focusing on ways to improve cybersecurity maturity. The ACET uses the same maturity levels as the CAT: Baseline, Evolving, Intermediate, Advanced and Innovative.

Business people analyzing financial dataThe question becomes, what technologies are you implementing to move beyond the baseline and into an advanced and innovative tier. What technologies are being used to reduce risks and attacks while also increasing ease of oversight and collaboration. Additionally, what practices and processes are in place to protect data, infrastructure and information? 

Resilience entails everything from planning and having continuous, automated backup protection to mitigation and recovery during a cyber incident. 

What steps are you taking to ensure your systems and data centers are hosted offsite and within cloud environments? What type of ransomware recovery is in place? Is your IT team spending more time managing complex legacy systems?

The ACET is an opportunity to do more than answer questions but also take steps to evolve your backup and recovery process. Ultimately, an investment in the right system will go a long way in building trust and strengthening relationships with members.

We understand that cybersecurity compliance can be costly, which is why specialize in providing the best and most cost-effective services for credit unions. Let’s find the right solutions for your credit union.