Fighting data breaches can be costly for credit unions, and one security firm – the Lubbock, Texas-based CoNetrix – is aiming to make protecting data more affordable, especially for organizations with fewer available resources.
Credit unions spent on average $136,000 on data security measures and $226,000 on expenses related to merchant data breaches in 2014, according to a February 2015 NAFCU survey. With this in mind, CoNetrix has created affordable security solutions scaled to meet the budgets of low-income designated credit unions thanks to an NCUA fraud and cybersecurity grant initiative.
“We understand the need for information security in all sizes of financial institutions,” CoNetrix President Russ Horn stated.
The NCUA announced the availability of funds for low income designated credit unions on May 18, 2015, which may be used this year to combat fraud and beef up cybersecurity. Between June 1 and 30, each eligible credit union could apply for up to $7,500 in NCUA grant money to help develop its fraud prevention and cybersecurity efforts; funds were to be awarded in mid-July. The purpose of this initiative, the agency said, was to assist low income designated credit unions with protecting members’ personally identifiable information as well as enhance security.
Some of the projects covered under the initiative include: System tests or risk assessments, penetration tests, internal and external vulnerability tests, social engineering assessments, information systems and/or cybersecurity training, cybersecurity risk exposure monitoring, developing or implementing data classification policies, compliance risk assessments, and membership with a cybersecurity organization serving financial institutions.
CoNetrix, which was founded in 1977 and serves customers across the country, designed qualifying service packages that will make it easy for credit unions to apply for the grant, Horn explained. The firm created the following three limited-time, discounted cybersecurity offerings, which are available through July 31:
Option 1: Tandem software that includes a risk assessment, policies, business continuity planning, vendor management, and a new phishing testing and training module.
Option 2: Includes penetration and social engineering tests, internal vulnerability assessment, as well as a tandem risk assessment and phishing modules.
Option 3: Includes a penetration and social engineering test, internal vulnerability assessment, as well as a tandem risk assessment, policies, business continuity planning, vendor management and a new phishing module.
“We have told credit unions that we will still provide this service and these offerings [until the end of July] whether they apply, get the grants, or not,” Horn said. “Some of the smaller institutions just don’t have the funds to get the appropriate testing to make sure they are safe and secure.”
Although it’s not part of the grant initiative, the $226 million, Lubbock, Texas-based Alliance Federal Credit Union, said it knows the value of CoNetrix’s cloud-based security services.
“I look at the technology arena from a big, macro situation,” Scott Rose, president/CEO for Alliance FCU, said. “I know what we want to do at our credit union is deliver technology to our members speedily, safely and simply. CoNetrix has really partnered with us and certainly helped us do that.”
CoNetrix has assisted Alliance FCU by providing vulnerability and penetration testing to secure the credit union’s network and data, as well as conducting business continuity and risk assessments to uncover potential vulnerabilities and determine how to handle attacks.
“Alliance is a great example of what a credit union should look like from a security, compliance and technology standpoint,” Horn remarked.
Rose stated, “Members expect us to protect them and take care of this,” adding that the partnership with CoNetrix has improved the credit union’s technology position. “It is a way to legitimize a credit union of our size in the marketplace,” he said.
At the end of the day, layered security is critical, Horn pointed out.
“One of the things credit unions need to know and understand is what vulnerabilities they might have,” he said.
Horn advises running an external penetration test, which allows credit unions to scrutinize their vulnerabilities from the outside looking in and observe what a hacker sees in regard to the institution’s protection. The next step might be an internal vulnerability assessment.
“Ask, ‘What do we look like on the inside from our control set?’” Horn suggested. “Then you can come up with a plan for how to improve controls and add to your layered security.”