When it comes to cybersecurity, all financial institutions must remain vigilant and informed about evolving threats. Just one breach or security incident could have catastrophic consequences. Realizing the need to ensure the integrity of its systems and members’ data, First Entertainment Credit Union in Hollywood, California, decided to engage CSI Regulatory Compliance for its cybersecurity risk assessment, as well as its IT risk assessment and other security-related services.
According to Janet Phillips, the credit union’s CIO, undergoing such risk assessments is crucial to First Entertainment’s best interests.
“We take securing our members’ information very seriously, Phillips says. “In addition to being a regulatory requirement, conducting the cybersecurity risk assessment helps us identify security needs and prioritize projects to continually enhance our security position against evolving threats.”
Getting an Objective, Outside Perspective
Phillips suggests, as a best practice, that it’s a good idea to get outside help from experts like CSI on such tasks as risk assessments. Since CSI I had previously led an IT training program at one of First Entertainment’s planning sessions, Philips engaged CSI’s risk management experts in the credit union’s annual cybersecurity risk assessment.
“Using an outside resource and getting an expert opinion helps you get your arms around your security needs and prioritize changes,” Phillip says. “It also gives you even great confidence in your security position as a whole.”
“A single incident could be catastrophic to an organization”
Janet Phillips
CIO of First Entertainment Credit Union
With CSI selected as its partner, First Entertainment completed the necessary due diligence requirements and then began the process of the cybersecurity risk assessment, which takes about 30 days to complete.
Mitigating Risk and Prioritizing a Response
Getting the risk assessment underway, First Entertainment and CSI held a kickoff call to begin the audit: The credit union gathered and uploaded the necessary documents to a secure portal, so that CSI’s risk expert could review them prior to a site visit. Then, during the on-site visit, the risk expert conducted interviews and reviewed additional documentation in order to create a comprehensive report.
“CSI has been very responsive and detailed in their commentary,” Phillips says. “I am particularly pleased with the reporting format, which gives readers a clear understanding with the right amount of detail. We communicate the findings across the organization, which includes some non-technical audiences, and the style of the report makes it easy for them to comprehend the information.”
Once the report, which helps identify risk levels and where to focus remediation efforts first, was finalized, First Entertainment began mitigating any cybersecurity risks identified during the assessment.
Member Data is Priceless
As First Entertainment continues its organic, controlled growth, Phillips realizes the importance of fostering strong cybersecurity protocols that protect both the institution and its members. The credit union dedicates the necessary resources to its security posture, and Phillips says it does so knowing that member data is priceless.
“When I think about the return on investment for the cybersecurity assessment, I consider the cost of not being secure,” Phillips says. “A single incident could be catastrophic to an organization. Information security is not inexpensive but is much less costly than the repetitional risk associated with data loss.”
First Entertainment measures the success of its entire security program on the safety and soundness of its members’ data. And as Phillips says-and like all credit union leaders know-you can’t put a price tag on that.