When selecting and implementing new technology, security is rarely a top priority. It should be. Most IT specialists value stability and functionality above all else in new products because they base their decisions on business needs. The reality, however, is that compromised security is ultimately a business issue, and you will be in a time of heightened vulnerability anytime you introduce new data into your network. When selecting and implementing new technology, a credit union should conduct a thorough review of all potential security issues to pinpoint weaknesses and patch up vulnerabilities. Activate security functions. Since most hardware and software come shipped ready for use, you need to activate security or audit functions if you want them to work. For example, manuals will generally tell you to change the default ID and password, but those instructions are too often overlooked. Virtually every hacker Web site out there has a complete set of default IDs and passwords for commonly used equipment and software. If you don’t change them, they’ll be compromised. Another common mistake is setting everyone up with supervisor-level IDs. Not everyone needs access to everything. Instead, rigorously control who gets high-level access to sensitive resources. Ask yourself the key questions. I advise credit unions to check out their new products from a security perspective by having a ready-made set of security scenarios to test against. When conducting your review, ask yourself several critical questions: *Are there incompatibilities with other parts of your environment? *Do the product’s security features work as advertised? *Does implementing the new product invalidate or bypass security on any existing critical systems? The big question, of course, is “How will you know?” The only way to answer that is by reviewing each new or modified system’s impact on security to ensure that the system itself-as well as the traffic it creates -is secure. Outsource a Vulnerability Assessment The problem with finding security gaps, of course, is that somebody’s got to close them after they’re found. Since fixing everything is literally impossible, risk-level categories show IT people where to focus. An outsourced vulnerability assessment service will deliver prioritized vulnerability lists and recommended fixes for each vulnerability. Vulnerability assessments should scan your hardware and software systems and their configurations, as well as the network and its configurations to analyze multiple layers in the infrastructure. Vulnerability assessments vary in their scope and depth. Traditional third-party VA services scan the first 16,000 ports, view external IP addresses only, and deliver comprehensive reports (in some cases, thousands of pages). For the same cost – often, for less – you can expect full 65,000-port scans of both internal and external IP addresses, graphical executive reports supported by technical detail, and trending data showing a clear picture of your network exposure over time. And you won’t have to worry about babysitting the vendor before, during or after the assessment; getting up at 3 a.m. to launch the process; interrupting network activity to accommodate the scan; or wading through reams of reports. Consider Network Intrusion and Host Intrusion Prevention. What vulnerability assessment doesn’t monitor is traffic sent by the system after installation or traffic that gets through to the system from the Internet. And it’s not just public-facing servers that are vulnerable. Any system that has public access can be. If the desktop runs a browser, it’s vulnerable. That’s why network intrusion and host intrusion prevention are so critical at this stage. Credit union executives are faced with an unprecedented number of security questions in today’s ever-changing world of Internet commerce. My advice to them, however, is always the same: if you want an in-depth defense of your network, you need to pay careful attention to vulnerability assessment of new and changing IT and patch management. And the best place to start is always a thorough security review-before you buy your new system.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
  • Exclusive discounts on ALM and CU Times events.
  • Access to other award-winning ALM websites including Law.com and GlobeSt.com.

Already have an account?


© 2023 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.


Credit Union Times

Join Credit Union Times

Don’t miss crucial strategic and tactical information necessary to run your institution and better serve your members. Join Credit Union Times now!

  • Free unlimited access to Credit Union Times' trusted and independent team of experts for extensive industry news, conference coverage, people features, statistical analysis, and regulation and technology updates.
  • Exclusive discounts on ALM and Credit Union Times events.
  • Access to other award-winning ALM websites including TreasuryandRisk.com and Law.com.

Already have an account? Sign In Now
Join Credit Union Times

Copyright © 2023 ALM Global, LLC. All Rights Reserved.