Grants can provide the boost a credit union needs to address those undervalued or overly costly issues they might not have the funds to cover otherwise, particularly so in low-income areas. The Community Development Revolving Loan Fund (CDRLF) grant makes it a priority to identify specific areas of credit union operations that are likely underfunded in low-income areas and designates monies to these initiatives. For 2021, the CDRLF outlined cybersecurity as one of these initiatives and it couldn't be more timely.
The Digital Services and Cybersecurity Initiative is defined as follows:
"The Digital Services and Cybersecurity initiative provides financial assistance to credit unions to modernize, innovate, and protect credit unions and members against cyberattacks. The goal of the initiative is to increase the access of safe, secure digital financial products and services to low-income and underserved communities. The NCUA also encourages credit unions to apply for this initiative to help the credit union meet the challenges created by the COVID-19 pandemic. Applicants can request funding for equipment needed to improve their remote work posture or implement new financial products and services which provide members access to the credit union without physical access to the branch." The maximum award associated with this initiative is $7,000.00.
The importance of cybersecurity programs in credit unions in 2021
Cybersecurity has been an increasingly important factor to consider for every business, but last year rocketed that importance into a new stratosphere. In 2020, when the whole world went home, hackers went to work. With everyone tapping into their less-than-secure home networks for working and conducting daily transactions, a huge opportunity was created for bad actors. While all industries became targets, the financial sector always draws extra attention. Between February and April of 2020 alone, cyber attacks against financial institutions increased by 238%. Credit unions made quick operational adjustments to respond to shuttered branches and to continue serving their members. This included upping their digital services game exponentially - and fast.
Protecting credit union data is critical not only because they are responsible for their member's money, but also because compliance regulations require it. While cybersecurity used to be focused on anti-virus programs and firewalls, today’s threats are far more advanced and your credit union needs to be ready.
Critical focus areas for credit union cybersecurity
Credit unions are vaults of personal information and wealth. If there is a breach, a CU may never recover from the harm caused to members, financially and in loss of trust. The first level of defense is a well-defined information security policy that is in line with the credit union's complexity and size. The second is regular risk assessments. As technology is changed or upgraded within the branch, it must be reviewed and tested for potential vulnerabilities or impacts the change could have on the existing digital ecosystem.
A third area of importance is to utilize active and up-to-date apps, software, and virus and malware programs on all devices, including members and staff that may be on the credit unions network. Cybercriminals evolve their tactics daily and your software provider's release updates should address them.
For the many digital and mobile services that CUs have adapted, authentication factors and password requirements need to be put in place. This can protect your member's private information on the inside, as well as protecting the credit union from bad actors on the outside.
Resources and tools for credit union security
The CDRLF grant funding will be a boon to any credit union that receives it - especially for digital service and cybersecurity use. For all CUs, there are some free resources available that can help you bolster your security efforts. The Federal Financial Institutions Examination Council (FFIEC) offers a range of resources including a Cybersecurity Assessment Tool to help you understand vulnerabilities. The NCUA’s Automated Cybersecurity Examination Tool can also be useful.
The majority of breaches occur as a result of human negligence. It is important to educate your staff on cybersecurity threats, how to detect them, how to avoid them, and what to do in the event of a potential breach as well, and there are many free resources available online to help with this. Ensuring that your people understand the nature of current cyberattacks, like phishing and ransomware, can go a long way in reducing the likelihood that your credit union will fall victim.
A combination of awareness, training, having forward-thinking vendors with modern technology in place will go a long way to protecting your credit union from cyber threats. Your credit union needs to make cybersecurity a priority, whether you're applying for the grant, have funds in place already or are planning for the future. Failure to prepare for cyber threats is preparing to fail.