Cybersecurity Frameworks and Compliance Frameworks for the Road Ahead

In my previous post, “Can Credit Unions Really Prepare for the Unexpected?,” I discussed the need to review and adjust business continuity plans so that an institution can pivot effectively even when faced with dramatic business process changes.

The dramatic shift resulting from the COVID-19 pandemic will lead to substantial changes in credit union security and compliance frameworks and the need for ongoing employee engagement in cybersecurity and compliance issues.

Evolving Cybersecurity and Compliance Frameworks

This is the time to review your overall security and compliance program. As a credit union or bank, you may be required to adopt a regulatory framework such as the NCUA’s ACET (Automated Cybersecurity Examination Tool) or the FFIEC’s assessment guidance. But even if you are a small organization and are not required to adopt a formal regulatory framework, doing so is a highly recommended practice.

If you have already adopted a framework, explore how it can take you to the next level of maturity. Additionally, these frameworks will continue to evolve and offer guidance in key areas you must monitor to ensure your communications and networks are secure and compliant.

Your bank or credit union is ultimately responsible for its own security and compliance. However, security and compliance skills are not your core business, so I recommend working with a partner who can help you adopt a framework, allowing your credit union to spend more of its resources serving your customers. Additionally, find a partner who can help take you to the next level of cybersecurity maturity. This most definitely does not mean replacing your current compliance and security team, but rather providing them with the support they need to adapt to an environment that has changed dramatically and will continue to evolve.

Reflecting the considerable changes the industry has undergone, we can expect that regulatory frameworks will formally change as a result of the pandemic. We have seen many new types of attacks, and a business environment with far more remote activity has exposed gaps in these frameworks.

In response to the changed and in some cases still paused business environment, CUNA launched its COVID-19 Restart and Recovery Task Force, which I expect will influence security and compliance frameworks.

Upcoming framework adjustments will likely be both substantial and ongoing. So for many organizations, continuous engagement with a security and compliance partner who can take you through this journey will be extremely valuable.

Ongoing Cybersecurity and Compliance Employee Engagement

The need for employee training and engagement is not new, but the needs have evolved and grown more urgent. Credit unions must have ongoing programs to proactively engage and educate employees. As phishing attacks have increased and the new risks of at-home work have become better understood, regulations are changing, and will continue to change, to require security awareness training.

Credit unions will need to determine what is acceptable from a remote work point of view and train accordingly. This new training will need to be in addition to further emphasizing existing phishing and cybersecurity-related training.

Organizations will also need to be creative in the ways they engage employees, and the policy update dialog must be a two-way conversation. Employees must be able to share the challenges they are experiencing within their remote work environments; otherwise at-home workers will create workarounds that could compromise security.

It is all too common for employees to develop shadow IT systems for convenience, and this was already happening when we were all in the office. A couple of years ago, I was working with a client and learned that one of their employees had set up an Access database on his hard drive, managed solely by him, so that he could run ad hoc reports more easily. An unsecured shadow copy of the data was sitting on his desktop instead of the employee accessing the data, more securely, directly from the reporting system. Clearly, the reporting system was in some way too cumbersome and needed to be adjusted to both maintain security and allow for productive work. This problem could undoubtedly worsen in a remote work environment unless employees are educated on security and compliance best practices and encouraged to share their work challenges.

Ultimately, rather than simply presenting a list of rules and procedures that might seem arbitrary, all employees must fully understand the security and compliance ramifications of their actions.

These are challenging times that require a great deal of thought and many technological resources. If you need help adjusting cybersecurity frameworks, compliance frameworks and employee training programs, SilverSky is here for you. Don’t hesitate to reach out to us at 1-800-234-2175 or learn@silversky.com.
