Amid a sweeping global pandemic where little is certain, businesses have been reminded to prepare for the unexpected. Though this statement sounds reasonable enough, how do we do this? By definition, the unexpected is, after all, unknown.

However, the COVID-19 pandemic has compelled credit unions to develop new business continuity plans, reassess the security for hastily implemented measures, and develop product delivery innovations to serve customers. With new plans and more effective measures in place, credit unions can better anticipate issues and be much more prepared to tackle the unknown.

A New Era of Business Continuity Planning

For many organizations, business continuity planning wasn’t a serious undertaking prior to 2001, but it quickly became a more dedicated practice after the 9/11 attacks. This tragic day made it abundantly clear to businesses across the country that they needed to be more prepared to handle the possibility of extremely disruptive events. In the decade after 9/11, substantial effort was made to improve business continuity planning—to be ready, come what may.

Although much progress had been made since, these plans tended to focus on managing one-off disasters where connectivity or access to specific applications might be lost. Most plans only focused on building redundancies so that data and existing business processes could be rapidly brought back online.

Now fast forward to 2020. COVID-19 has turned the entire world on its head. Existing systems haven’t been damaged or destroyed by an acute disaster. Instead, entire business processes, modes of working, and channels for serving customers had to change virtually overnight. Previously well-thought-out plans designed to restore our systems were not extremely useful. We learned that we needed incident response and business continuity plans that would allow us to radically pivot the very nature of our business at a moment’s notice.

Out of necessity, organizations across the nation deployed thousands upon thousands of laptops and mobile devices to facilitate working from home. Similarly, we enabled vendors and contractors to execute service remotely, and we developed new ways to service our customers even though they could not visit our branches.

Businesses acted out of necessity—and as carefully as possible—but now they must revisit and revise their business continuity plans based on newly developed business processes. Our plans must now consider scenarios involving long periods of remote working, entire market segments needing to access products and services in entirely novel ways, and remote delivery of products and services by technology supply chain partners. 

Risk-Based Assessments, Security Tune-Ups, and Your Technology Supply Chain

Systems need to be continually evaluated to determine their security and compliance risk. Now is a good time to check and adjust the configurations of solutions deployed to enable necessary new business processes, and make sure that they are secure and compliant. Some of these solutions could include video conferencing, customers’ online appointment scheduling, and digital document signing. So many of these technologies were launched very quickly and do warrant another look to make sure they are secure. For instance, a remote teller service and its supporting systems might be classified as high risk and should only be accessed by remote workers via the VPN and multi-factor authentication. Conversely, a call center team can access cloud-based support documentation using only multi-factor authentication protection as it might be considered a lower business risk.  

Business processes with vendors have also changed rapidly, so credit union technology teams need to take some time to evaluate technology supply chains and vendor touch points. Are they accessing your network using secure protocols? 

Build Security into Product Delivery Innovation

Many ancillary services—like loans and new investment accounts—were temporarily halted in March and April 2020. Of course, most banks and credit CUNA Business Continuity Issuesunions had digitized core services years ago, so most online service offerings continued without disruption. In contrast to those core services, ancillary services were traditionally conducted almost entirely in person and required innovation to meet today’s challenges. Additionally, as credit unions and banks continue to reopen, systems as simple as online appointment scheduling tools are needed to control the number of people in a branch at a given time. 

Innovation and investment will need to cater to the priorities of each credit union and the needs of the customer base they serve. Because they are of the utmost importance, I recommend that security and compliance be part of all new implementations—just make sure there is room in your budget to address these critical issues.

 

These are challenging times, but by reworking business continuity plans, revisiting the setup of rapidly enabled technologies, and rethinking product delivery innovation, credit unions truly will be much more prepared for the unexpected. If we can help, SilverSky is here for you. Don’t hesitate to reach out to us at 1-800-234-2175 or learn@silversky.com. Additionally, I invite you to read the follow-up post to this article, “Cybersecurity Frameworks and Employee Training Required for the Road Ahead.”

Managed Security Services

Your around the clock SOC.

Managed Endpoint Detection and Response

Some attacks will succeed. Don’t worry—we have you.

Managed Detection and Response

Augment your IT team using our expertise and the latest technologies.

Email Protection Suite

Defending against the leading attack vector.

Cloud Email and Collaboration

More than ever, the cloud is essential.

Incident Response Readiness

When a breach occurs, you’ll be ready.

Compliance & Risk Services

Take the next steps on your cybersecurity maturity journey.

Trusted Cybersecurity for an Uncertain World

Understand, detect, and effectively respond to threats, reduce business risk and improve the return on your security investment.

Financial Services

We comply with the same regulations you do.

Healthcare

Affordable defenses for a sector under attack.

Retail

SilverSky stands between cybercriminals and your customers’ data.

Benefits of a Single Vendor Relationship

The Cooperative Bank of Cape Cod found itself especially appreciative of SilverSky’s comprehensive solution set—particularly as they rapidly, but securely, enabled employees to work remotely.

ACET

Automated Cybersecurity Examination Tool

HIPAA

Health Insurance Portability and Accountability Act

PCI DSS

Payment Card Industry Data Security Standard

FFIEC

Federal Financial Institutions Examination Council

GLBA

Gramm-Leach-Bliley Act

ACET Helps Credit Unions Further Their Missions

Learn how going all in for ACET protects customers and the health of community-based financial services.

Resources

Articles, guides, ebooks, tools, on-demand webinars, case studies, and more. Explore a range of topics.

Press & Events

Press releases, upcoming conferences and trade shows, and future and on-demand webinars

Revisiting Cybersecurity’s Delicate Balance

Learn how CISOs are rebalancing prevention, detection, and response for stronger cyber defenses.

About Us

Trusted cybersecurity for an uncertain world.

Careers

Looking to join the fight against cybercriminals?

Security Management Console

Comprehensive customer portal for state of devices, reports for compliance, support tickets, and more.

Transforming Cybersecurity Culture from Corner Offices to Cubicles

Executives are increasingly thinking about cybersecurity management in a similar manner as they would any other risk assessment. This guide is here to help.