People choose credit unions because of their customer service, accessibility and focus on its members. Credit unions instill a sense of trust and loyalty by creating customer-friendly relationships and ensuring members their money is safe. To nurture that trust, it’s essential for you to do everything possible to keep information safe. 

Examining protections and operations

Credits unions are still financial institutions that must have the same protections as any bank. In setting standards and controls to install safeguards against bad actors, more credit unions are embracing the Automated Cybersecurity Examination Tool (ACET), provided by the National Credit Union Administration. The ACET assesses how each institution prevents and prepares for cyberattacks and threats through a standardized examination of nearly 500 questions and 200 documents required for submission. 

Based on the Federal Financial Institutions Examination Council’s (FFIEC) Cybersecurity Assessment Tool, the ACET improves and standardizes how the NCUA supervises cybersecurity for all federally-insured credit unions on a rolling basis. It basically helps determine a credit union’s exposure to risk by identifying the type and complexity of operations, as well as the level of risk and corresponding controls. The ranking ranges from baseline to innovative.

Last year, NCUA used the ACET to assess credit unions with more than $250 million in assets and will continue to deploy an updated version this year for credit unions with assets over $100 million. Ultimately, the exam will be scaled to the size and risk profile of the financial institution. Starting in 2022, maturity assessments will be done once every four years.

Improving the maturity of your cybersecurity

A lot of attention has been focused on how to prepare for the assessment, but your team should also be focusing on ways to improve cybersecurity maturity. The ACET uses the same maturity levels as the CAT: Baseline, Evolving, Intermediate, Advanced and Innovative.

The question becomes, what technologies are you implementing to move beyond the baseline and into an advanced and innovative tier. What technologies are being used to reduce risks and attacks while also increasing ease of oversight and collaboration. Additionally, what practices and processes are in place to protect data, infrastructure and information? 

Resilience entails everything from planning and having continuous, automated backup protection to mitigation and recovery during a cyber incident. 

What steps are you taking to ensure your systems and data centers are hosted offsite and within cloud environments? What type of ransomware recovery is in place? Is your IT team spending more time managing complex legacy systems?

The ACET is an opportunity to do more than answer questions but also take steps to evolve your backup and recovery process. Ultimately, an investment in the right system will go a long way in building trust and strengthening relationships with members.

We understand that cybersecurity compliance can be costly, which is why specialize in providing the best and most cost-effective services for credit unions. Let’s find the right solutions for your credit union.