Breaking NewsCUTimes.com will be offline for scheduled maintenance Friday Feb. 26 9 PM US EST to Saturday Feb. 27 6 AM EST. We apologize for the inconvenience.

 
X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.

LARGO, Md. – It doesn’t matter how large or small a credit union is, NCUA has the same security rules for all of them. That’s why at the $83 million Money One FCU, the CU spends a lot of time and money dedicated to securing its systems. “For a credit union our size, the challenge is NCUA. They’re not saying because you’re a $20 million credit union or a half a billion dollar credit union, you can do it differently. We all have to do the same things,” said Bob Cavaliere, VP of Finance and Operations at Money One. “We’ve been very, very fortunate in the years 2003 and 2004 that we weren’t hit with any worms and viruses. We also understand that you can never relax about security,” said Cavaliere. That’s why Money One uses a mix of in-house and outsourced security solutions. Money One has a three-year contract with Digital Defense for internal and external vulnerability testing through Digital Defense’s FrontLine 2.0 product. The CU also has contracted with Digital Defense for two penetration tests. It keeps those to a minimum because they are very expensive said Cavaliere. Cavaliere said the advantage of FrontLine 2.0 is the speed of the system and the extensive reporting it offers. “Our staff here can look at the reports and it gives us information on every single service and every single device. I’m talking about firewalls, modems, printers, and it will actually list out any vulnerability they find,” said Cavaliere. Digital Defense can monitor the system remotely. It places a box at the CU so it can always know what is going on. “It’s also all point and click, very graphical. There are executive level reports with graphical displays in layman’s terms. It’s always a challenge to have something the board of directors can understand.” Even something as harmless as a printer can cause trouble, said Cavaliere. If a driver isn’t the most up to date, it could allow someone to access the printer and cause disruption. Cavaliere said all vulnerabilities are ranked as high-level, mid-level and low-level. This helps the CU prioritize how it takes action. Cavaliere said some of the vulnerabilities would take such extensive and sophisticated skill by a perpetrator, that sometimes the CU determines it does not have to address them. But all of the high-level risks are always dealt with. Money One doesn’t just rely on Digital Defense. While Digital Defense helps them find the problems, it uses another company to do remeditation. “We feel it’s not best to have all our eggs in one basket,” he said. One of the biggest problems the CU has faced so far has come from a third-party vendor. The CU discovered that a firm that hosted its Web site needed security updates on their end. This reinforces what security experts have been telling credit unions for years – because CUs have so many critical third-party relationships, they must ensure those third-parties are as secure as the credit union needs to be. Cavaliere said once the Web hosting company was made aware of the problem they quickly fixed it. Money One also has three internal tech employees who assist in the security as well as maintain the CU’s in-house ULTRADATA system. Cavaliere said though the CU is relatively small, it offers a nice mix of online services, from bill pay to online lending. Money One is getting Digital Defense’s services at a reduced rate because of a partnership between its corporate credit union, Mid-Atlantic Corporate, and Digital Defense. Jay Murray, COO at the corporate, said Mid-Atlantic itself became a client of Digital Defense before it partnered with them to offer their products to their members. “We learned how easy systems can be penetrated with the right hacking tools, and have built a very tight security program around learning from Digital Defense. We also created a systems security position a couple year ago,” said Murray. The corporate also changed all of its systems to password protected. Murray said he too was surprised how third-party system can cause vulnerabilities. “Sometimes they set up software with the manual standards that the hackers obviously know about,” said Murray. After being schooled in security by Digital Defense, Mid-Atlantic decided to strike a deal with them so their members could get the same services at a reduced cost. Cavaliere says although securing systems isn’t cheap, it’s worth it. “If we had just one breach and it was on the local news and in the papers, how much would that cost us in lost business?” [email protected]

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
  • Exclusive discounts on ALM and CU Times events.
  • Access to other award-winning ALM websites including Law.com and GlobeSt.com.

Already have an account?

Credit Union Times

Join Credit Union Times

Don’t miss crucial strategic and tactical information necessary to run your institution and better serve your members. Join Credit Union Times now!

  • Free unlimited access to Credit Union Times' trusted and independent team of experts for extensive industry news, conference coverage, people features, statistical analysis, and regulation and technology updates.
  • Exclusive discounts on ALM and Credit Union Times events.
  • Access to other award-winning ALM websites including TreasuryandRisk.com and Law.com.

Already have an account? Sign In Now
Join Credit Union Times

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.