Why Having the Right Core System Is Important

 

2020 does not look like anyone could have ever imagined, and having the right core system for your credit union is paramount. Innovation, rapid adoption of digital solutions, and finding ways to keep our customers without allowing them to visit brick-and-mortar locations as they have always done are just a few of the huge pivots the year has brought us so far.

Your core system is the foundation by which you serve your loyal customers and your community. Is it time to consider changing or upgrading it?

Areas for Growth

With the need for digital solutions at an all-time high, credit unions are faced with the need to update their online offerings. As a whole, credit unions serve smaller communities and customer bases than many banks, but the personal service and helpful staff are what sets them apart.

Since the in-person visits are lower than ever and many employees are working from home, offering web portals and apps for doing credit union business in a safe and socially distant manner will potentially create an influx of new, younger clientele.

Your Core System

The Credit Union Journal  reports that “more than 20% of members surveyed expect a permanent decrease in the frequency of their branch visits once post-COVID-19 life begins.” As we shift and adapt to this new normal, perhaps it’s also time to see what technologies your credit union employs, and how they could be optimized to better serve you and your customers.

Many credit unions have a historically well-rated core system, but that doesn’t mean the standard core system from years ago is still the best option. In a world full of technology solutions, flexibility and customization rule the day. And while change is hard, the last few months have proven that when push comes to shove, a business can adapt rapidly.

Core systems have all the power that a large corporation needs to run its business for decades. But what happens when a smaller institution using that same core system runs into problems? These smaller businesses, like credit unions, don’t have the resources or manpower to justify having a team of people available to monitor and fix these systems. As with hiring, payroll, and other departments, credit unions have to streamline their business to offer the same valuable services at a fraction of the scale.

Opportunities

Your core system is the lifeblood of your business. And when it’s implemented correctly, it saves your credit union time and money by taking some of the tedium out of your employee’s hands so they can focus on serving your customers. In these uncertain times, analyzing your core system could help keep costs down and streamline processes that are difficult to perform with some or most of your workforce conducting business from home.

Core Hosting with IMS

IMS offers core hosting. If your credit union is considering a core move, let us share how we can save you significantly and provide peace of mind knowing you have industry experts maintaining and managing your most valuable assets.

Contact us to see what solutions we can create for your credit union.


Data Security Best Practices for Credit Unions

 

Credit unions often serve some of the most vulnerable businesses in their communities. About 50% of small businesses that have a data breach in their operations will close permanently in the following 6 months. While credit unions may not fold so easily in the midst of a cyberattack, it’s still important to have excellent data protection protocols and contingency plans in the event that your data is hacked or compromised, and it’s not just for the benefit of your IT managers. Adopting credit union data security best practices can curb the risks associated with the storage and curation of sensitive customer data.

Data security is an ever-evolving and often underestimated superpower in the financial world. There are many great ways to improve your data security. 

Barriers to Entry and Enhancement

Protecting your data, while always a worthy investment, is often very expensive, especially for smaller institutions. Onsite data protection is a great start, but the events of 2020 have also shed light on the many business’s shortcomings in the online data security arena. Without proper training and monitoring, employees can also easily perform unsafe data handling. As email scammers and hackers get more creative, the chances you or your business will be a victim of a cyberattack only grows.

Recognize potential threats

The first thing you should do is check your weak spots: gather a list of information that is most valuable to scammers. Knowing what the high-risk data is, and where it’s stored, is half the battle, as they say. Creating protocols and programs that scan for these valuable tidbits is a great way to pull this information together quickly and precisely.

Potential threats can also include older technology, like employees who leave login credentials or other access information somewhere easily accessible or noticed. Just because it’s not stored in a sophisticated and expensive device doesn’t mean it can’t be used to wreak havoc on your business.

Put Your Guard Up

Once you’ve identified your top targets, it’s time to reinforce them. Encryption is a common tool for protecting sensitive information, and it can be used on many fronts. Leverage tools like the ACET to set standards and controls that install safeguards against bad actors on your systems.

Diversify your approach using malware defenses, continuous monitoring systems, employee procedures, and the like. Your outside vendors are also common entry points for cyberattackers. Make sure your protections extend to these dealings as well. 

Don’t forget to test your systems. Remember school tornado drills? It’s wise to practice these protocols in a controlled environment to be sure your institution is prepared for the real deal.

Conclusion

Credit union data security is an industry that evolves at breakneck speeds. A system that worked perfectly last year could leave dangerous gaps in your cybersecurity offerings this year and it is wise to keep an eye on new trends both in cybercrime and in the tools industry leaders are using to mitigate the risks.

Cybersecurity maintenance is a continuous and all-encompassing endeavor. Contact us for help, we can protect your data and meet your cybersecurity needs.


Credit Unions and COVID-19

 

The emergence and development of the coronavirus pandemic have impacted the world in ways that likely won’t ever go away. Credit unions are not immune to the pandemic, but what have they been doing differently since the COVID-19 outbreak started? 

Changes for Members

The changes for members go much deeper than just incorporating social distancing and expanding online options to curb the spread of the virus. Many credit unions offered (and continue to offer) things like loan repayment holidays, emergency loan guarantees, credit card interest rate reductions, fee waivers, and extensive financial counseling.

These changes, coupled with targeted government stimulus and unemployment relief has helped ease the financial burden on credit union members. According to a Credit Union Times article, credit unions paid out $9.6 billion in business loans through the Paycheck Protection Program, supporting 51 million jobs.

To slow the spread of the virus, many credit unions also relied on recommending members perform more cashless transactions. Credit and debit card use as well as limiting large cash deposits and withdrawals were also encouraged.

Changes to Credit Union Operations

While deciding how to help members continue their financial journey, credit unions were also navigating the transition from physical business to mostly virtual and digital operations. Many countries deemed credit unions (along with larger national bank chains) as essential, so new protocols were implemented at astonishing rates.

The room and building maximum capacities are being downsized and many CUs had at least part of their labor pool working from home during shutdowns and shelter-in-place orders, which created a need for cybersecurity tips and best practices.

The WFH measures are likely here to stay, and the limited room capacities will be in place for the rest of 2020. Some countries have gotten a handle on their COVID cases, but the US is a long way from being COVID-free. This means in-person meetings and transactions will continue to be lower than average, while online offerings will continue to be a preferred method.

Policy Changes

From a technical standpoint, many institutions even made changes to services like commercial underwriting processes. While the COVID-19 pandemic may be a once-in-a-lifetime event, the importance of a strong contingency plan could be a higher priority for lenders considering the merits of a small business loan application.

Post-COVID

Though this pandemic is far from over, credit unions have now stopped merely reacting to the crisis and are working diligently to adapt and move forward. Many businesses are taking this time to search for ways to streamline, digitize, and automate certain aspects of everyday operations. 

73% of employers, regardless of business size, are now considering keeping work-from-home positions, which means data security and easy online access will become a necessity. Larger businesses may need to make tough decisions concerning mergers and consolidations. For smaller CUs, this is a great time to trim time-consuming practices from employees’ workloads.

Contact us when you’re ready to help take some of the burden off your team so they can focus on growing your credit union during these unprecedented times.


Protect Data When Working from Home

With so many people working from home during this time, virtual desktops have become the norm for credit unions today. Remote connections provide workers with the ability to access data at home, on the road or a remote office. However, the increase in remote work has also led to an increase in cyberattacks. As end-user applications are evolving, so are the techniques bad actors are using to attack your data system. 

Credit unions should ensure they have the proper security protocols in place to stay safe. There are multiple vulnerabilities where remote desktops are exposed to malware attacks, including email and user-installed applications. Attackers like to gain control over a personal and work laptop and impersonate the user.

Additionally, there may be logistical challenges with assessing hardware needs, privacy and managing multiple devices. But, adopting the right security practices will protect data across all endpoints. Taking a comprehensive approach to security will allow you to easily manage the status of these areas.

Since employees are connecting to your system through a corporate virtual desktop infrastructure (VDI), it’s important to have security solutions in place to work across different platforms. Everything from transferring data to personal devices to using unsecured networks are common mistakes employees make when working from home. Here are a few things to keep an eye on with your team:

  • Using an insecure network. It’s possible employees are using home networks that are less secure compared to being at the office with WiFi acting as the biggest offender. That’s why your credit union should use a secure, virtual desktop environment to access sensitive information and apps. 
  • Transferring data to personal devices. Your credit union may have issued workers with a company laptop but your team may also be using a personal computer to work. It’s not uncommon for employees to move documents from work computers to a home computer, smart device or personal cloud service for ease of use. Unfortunately, the security mechanisms in place are far less secure than a business laptop or a VDI. 
  • Sharing access credentials. Bottlenecks often occur when one employee has to wait for another colleague to complete a task. To expedite the process they might share their login credentials to an application or database so their colleague can access what’s needed and reduce that bottleneck. Not only is this an unapproved action it becomes problematic when done over an insecure network. 
  • Inadvertently sharing private information with friends. While teams have transitioned to hosting meetings via video chat and using social media as an outline to stay connected, workers may be leaking sensitive information without knowing it. This may be leaving a comment on Facebook about what it’s like working from home, taking a photo or video of your home office or displaying a computer setup. These are all risk factors to causing data leaks.

To avoid these pitfalls, your IT team should implement additional security controls and set up guidelines on what to install, download or share to avoid security breaches when working from home. They should also retrain staff on the most appropriate ways to handle sensitive information. Performing continuous security testing will reduce the possibility of malicious attacks on your system.

Financial institutions are always a target for cyber attacks, so it’s critical you identify any vulnerabilities. The most effective thing to do is enable our private cloud to deliver easily managed services. IMS provides a complete virtual workspace that allows your credit union to rapidly transform desktops and applications to users on any device, anywhere in a secure way.


Leveraging the ACET to Advance Cybersecurity

 

People choose credit unions because of their customer service, accessibility and focus on its members. Credit unions instill a sense of trust and loyalty by creating customer-friendly relationships and ensuring members their money is safe. To nurture that trust, it’s essential for you to do everything possible to keep information safe. 

Examining protections and operations

Credits unions are still financial institutions that must have the same protections as any bank. In setting standards and controls to install safeguards against bad actors, more credit unions are embracing the Automated Cybersecurity Examination Tool (ACET), provided by the National Credit Union Administration. The ACET assesses how each institution prevents and prepares for cyberattacks and threats through a standardized examination of nearly 500 questions and 200 documents required for submission. 

Based on the Federal Financial Institutions Examination Council’s (FFIEC) Cybersecurity Assessment Tool, the ACET improves and standardizes how the NCUA supervises cybersecurity for all federally-insured credit unions on a rolling basis. It basically helps determine a credit union’s exposure to risk by identifying the type and complexity of operations, as well as the level of risk and corresponding controls. The ranking ranges from baseline to innovative.

Last year, NCUA used the ACET to assess credit unions with more than $250 million in assets and will continue to deploy an updated version this year for credit unions with assets over $100 million. Ultimately, the exam will be scaled to the size and risk profile of the financial institution. Starting in 2022, maturity assessments will be done once every four years.

Improving the maturity of your cybersecurity

A lot of attention has been focused on how to prepare for the assessment, but your team should also be focusing on ways to improve cybersecurity maturity. The ACET uses the same maturity levels as the CAT: Baseline, Evolving, Intermediate, Advanced and Innovative.

Business people analyzing financial dataThe question becomes, what technologies are you implementing to move beyond the baseline and into an advanced and innovative tier. What technologies are being used to reduce risks and attacks while also increasing ease of oversight and collaboration. Additionally, what practices and processes are in place to protect data, infrastructure and information? 

Resilience entails everything from planning and having continuous, automated backup protection to mitigation and recovery during a cyber incident. 

What steps are you taking to ensure your systems and data centers are hosted offsite and within cloud environments? What type of ransomware recovery is in place? Is your IT team spending more time managing complex legacy systems?

The ACET is an opportunity to do more than answer questions but also take steps to evolve your backup and recovery process. Ultimately, an investment in the right system will go a long way in building trust and strengthening relationships with members.

We understand that cybersecurity compliance can be costly, which is why specialize in providing the best and most cost-effective services for credit unions. Let’s find the right solutions for your credit union.


3 Cybersecurity Tips During COVID-19

A crisis is not the time to discover that your backup and recovery solutions do not work.

The current climate of COVID-19 leaves many credit unions vulnerable to fraudsters stealing personal information, money, transaction records and other valuable data. Recently, the FBI reported that there is an increase in business email compromise (BEC) scams that targets anyone who performs legitimate fund transfers. BEC frauds are targeting municipalities that are purchasing supplies and personal protective equipment needed during the pandemic.

Hackers and bad actors are preying on consumers as online buying and digital payments increases during this time of social distancing. Additionally, staff shortages, teleworking and unavailable workers makes it harder to sustain business operations. Any loss or data theft can jeopardize the reputation of your financial institution, damage relationships with members and put your business at risk. Credit unions must be prepared for any illicit financial activity that occurs, similar to other disaster recovery protocols.

To protect your business before disaster strikes, ensure there is a reliable recovery process in place. Here’s where to start:

  • Identify gaps in security. Test data before disaster strikes to provide recovery assurance and identify where there are areas of vulnerability. Tape backups are fragile and subject to damage, theft and destruction. Plus, they involve multi-step procedures that are susceptible to human errors. With more employees working remotely due to social distancing, can you rely on a system that requires scheduling jobs and transporting tapes between multiple locations? 
  • Businessman working from home on computerProvide secure remote and branch office solutions. Having multiple remote office and branch office (ROBO) sites pose challenges when it comes to data protection. There are employees that are reliant upon remote access to do their jobs and need their own data backup. There may also be an increase in the number of cyber attacks on computers, equipment and unprotected networks as employees work from home. Ensuring resources are available and secure through virtual desktops is also key to having a productive workforce without sacrificing security and control.
  • Maintain continuous protection. Using multiple hardware and software components for backup solutions can bog down efficiency. Tapes fail and it’s an inconvenience to drive to the credit union to replace them. Simplify backup and recovery with hybrid cloud environments that lets you manage all your data through one responsive interface. Not only can you recover files in the cloud with a few clicks, you can also manage the frequency and duration of backups. Your credit union will spend less time manually configuring jobs with an automated system.

Now that credit unions are transitioning to conducting more business through virtual means, it’s important you’re using the best systems for backup and disaster recovery. Fraudsters will make every attempt to steal valuable information so your data must be secure, accessible and backed up regularly.

One of the best decisions you can make is to work with Integrated Management Solutions who understands the value of your data. Let’s talk about the right solutions for your credit union.