Consumer data is perhaps the most valuable asset that financial institutions possess, and protecting that data is essential to any institution’s integrity.
As the digitally driven world continues to develop, many financial institutions remain on edge. Although the digital expansion has proven beneficial in matters of convenience and customer service, it also has brought with it a plethora of new threats from hackers trying to steal consumer data. Ransomware, phishing, social engineering, and other cybersecurity risks not only have been on the rise in the past decade, but also have grown in sophistication and precision. This begs the question: is your institution ready for the unique cybersecurity challenges of 2017?
For First Entertainment Credit Union (FECU), the answer to that question is a resounding “yes.” The credit union, located in Hollywood, Calif., takes cybersecurity threats very seriously, because, as CIO Janet Phillips explains, all it takes is one breach. “When I think about the return on investment for a cybersecurity assessment, I consider the cost of not being secure. A single incident could be catastrophic to an organization.”
With concerns surrounding consumer data fresh in her mind, Phillips engaged CSI’s risk assessment team to ensure its risk posture was as strong as possible. The process has three essential steps:
Step 1. Risk Assessment: First, CSI’s risk experts identified areas within FECU that were susceptible to leading cybersecurity threats using IT and cybersecurity risk assessments. These evaluations assessed the institution’s capacity for safeguarding assets and ensuring data availability, confidentiality and integrity. The assessments consisted of an onsite visit to the institution, interviews with credit union staff, and reviews of FECU’s policies, procedures and various other control-related documentation. From this information, detailed reports were issued to the credit union outlining the risk levels of FECU’s assets as well as highlighting recommended changes. These reports were presented in an easily understood format, Phillips said.
Step 2. Implementation: Once the major risks had been identified, FECU gained a clear understanding of the steps necessary to strengthen its cybersecurity defenses. Because the reports from the CSI team were easily communicated across the organization, implementation was simplified and changes to the credit union’s cybersecurity protocols were made swiftly and efficiently.
Step 3. Constant Vigilance: As the regulatory environment changes, so too does the risk profile of every financial institution. FECU’s stronger cybersecurity protocols allow it to be ready for any potential threats in the future, ensuring continued protection of both the credit union and its members. Constant knowledge of trending and emerging threats is essential in ensuring a secure future. The emergence of new cybersecurity threats in the coming years is unavoidable.
Through its relationship with CSI, FECU found its strengths and weaknesses and enhanced its risk posture. Learn more about how CSI helped FECU strengthen its defenses against cybersecurity threats, and be sure to register for CSI’s Bi-Annual Cybersecurity Webinar to hear industry-leading insight on ransomware trends in 2017—and what your institution can do to keep consumer data safe.
Tyler Leet serves as director of Risk and Compliance Services for CSI’s Regulatory Compliance Group. With more than a decade of experience in the information security, risk and compliance industries, Tyler oversees and participates in the development and maintenance of the risk and compliance-related services conducted for a wide variety of financial institutions and organizations in other vertical markets. He frequently speaks at conferences and seminars and is often cited in industry publications.