Cybersecurity Frameworks and Employee Training Required for the Road Ahead

Cybersecurity Frameworks and Compliance Frameworks for the Road Ahead

In my previous post, “Can Credit Unions Really Prepare for the Unexpected?,” I discussed the need to review and adjust business continuity plans to be able to effectively pivot even when faced with dramatic business process changes.

The dramatic shift resulting from the COVID-19 pandemic will lead to substantial changes in credit union security and compliance frameworks and the need for ongoing employee engagement in cybersecurity and compliance issues.

Evolving Cybersecurity and Compliance Frameworks

This is the time to review your overall security and compliance program. As a credit union or bank, maybe you are required to adopt a regulatory framework like the NCUA’s ACET and FFIEC. But even if you are a small organization and are not required to adopt a formal regulatory framework, it is a highly recommended practice.

If you have already adopted a framework, explore how it can take you to the next level of maturity. Additionally, these frameworks will continue to evolve and offer guidance in key areas you must monitor to ensure your communications and networks are secure and compliant.

Your bank or credit union is ultimately responsible for your security and compliance. However, security and compliance skills are not your core business, so I recommend working with a partner who can help you adopt a framework allowing your credit union to expend more resources serving your customers. Additionally, find a partner who can help take you to the next level of cybersecurity maturity. This most definitely does not mean replacing your current compliance and security team, but rather providing them with the support they need to adapt to an environment that has dramatically changed and one that will continue to evolve.

Reflecting the considerable changes the industry has undergone, we can expect that regulatory frameworks will formally change as a result of the pandemic. We have seen many new types of attacks, and there are now gaps in these frameworks as a result of a business environment with much more remote activity.

In response to the changed and in some cases still paused business environment, CUNA launched its COVID-19 Restart and Recovery Task Force, which I expect will influence security and compliance frameworks.

Upcoming framework adjustments will likely be both substantial and ongoing. So for many organizations, continuous engagement with a security and compliance partner who can take you through this journey will be extremely valuable.

Ongoing Cybersecurity and Compliance Employee Engagement

The need for employee training and engagement is not new, but needs have evolved and grown more urgent. Credit unions must have ongoing programs to proactively engage and educate employees. As a result of increased phishing attacks and the new risks of at-home work being better understood, regulations are and will be changing to require security awareness training.

Credit unions will need to determine what is acceptable from a remote work point of view and train accordingly. This new training will need to be in addition to further emphasizing existing phishing and cybersecurity-related training.

Organizations will also need to be creative in the ways they engage employees and the policy update dialog must be a two-way conversation. Employees must be able to share the challenges they are experiencing within their remote work environments to avoid at-home workers creating workarounds that could compromise security. 

It is all too common for employees to develop shadow IT systems for convenience, which was already happening when we were all in the office. A couple of years ago, I was working with a client and learned that one of their employees had set up an Access database on his hard drive, solely managed by him, so that he could run ad hoc reports more easily. An unsecure shadow IT system was sitting on his desktop rather than the employee more securely accessing the data directly from the reporting system. Clearly, the reporting system was in some way too cumbersome and needed to be adjusted to both maintain security and allow for work productivity. This problem could undoubtedly worsen in a remote work environment unless employees are educated on security and compliance best practices and encouraged to share their work challenges.

Ultimately, rather than simply presenting a list of rules and procedures that might seem arbitrary, all employees must fully understand the security and compliance ramifications of their actions.

These are challenging times that require a great deal of thought and many technological resources. If you need help adjusting cybersecurity frameworks, compliance frameworks and employee training programs, SilverSky is here for you. Don’t hesitate to reach out to us at 1-800-234-2175 or learn@silversky.com.

Head of Product Management, Email Protection and Cloud Email , SilverSky