Compliance Update with Amy K

​It’s Cybersecurity Awareness Month – protect yourself with this FREE webinar! Plus, NCUA cybersecurity resources, and member education can help keep their data protected.  

by Amy Kleinschmit, Chief Compliance Officer
​
October is Cybersecurity Awareness Month. While cybersecurity is a top concern for credit unions year-round, October was designated in 2004 as the awareness month for this important topic to shed a spotlight on the need for individuals to protect themselves online as threats to technology and confidential data become more commonplace.

Free Webinar
In recognition of National Cybersecurity Awareness Month, the NCUA and Federal Trade Commission are hosting a webinar titled “Protect Your Credit and Identity with Cybersecurity Awareness” on Thursday, October 26.

Credit unions and consumers can learn more about: Economic consequences of cyber fraud and scams; How to spot cyber theft; How consumers and credit unions can prevent cybercrime; and resources that help protect consumer credit and identity. Register for this webinar here.

NCUA Resources
Cybersecurity remains a top concern for NCUA. As you will recall it is a supervisory priority for 2023. As explained in the Letter to Credit Unions 23-CU-01, “Cybersecurity risks remain a significant, persistent, and ever-evolving threat to the financial system. Credit union technology-related operating environments are increasing in complexity. Your credit union can protect itself with a cybersecurity program that evolves and adapts to the changing threat environment.

The NCUA will continue to have cybersecurity as an examination priority. Examiners will evaluate whether credit unions have established adequate information security programs to protect members and the credit union. To strengthen the examination process for cybersecurity, the NCUA developed and tested updated Information Security Examination procedures tailored to institutions of varying size and complexity.”

In addition to the upcoming webinar, there are a number of resources available from NCUA which can be found here. This includes the ACET (Automated Cybersecurity Evaluation Toolbox). This free tool allows institutions of all sizes to easily determine and measure their own cybersecurity preparedness over time. 
Using the Toolbox to conduct assessments on a regular basis may help institutions to:

• Identify areas of risk proactively, before there is a problem.
• Determine the depth and breadth of cyber risk to which your institution is exposed.
• Discover the institution's preparedness to deal with the cyber threats it may face.
• Make decisions about security processes and programs based on the true nature of existing risk.
• Use a measurable and repeatable process to assess risk preparedness over time.
• Understand, address, and mitigate cybersecurity risks.
• The Toolbox also houses the CISA’s Ransomware Readiness Assessment (RRA). 

Remember – NCUA now requires federally insured credit unions that experience a reportable cyber incident to report the incident to the NCUA as soon as possible and no later than 72 hours after the FICU reasonably believes that it has experienced a reportable cyber incident. This final rule can be found here.

NCUA has provided Letter to Credit Union 23-CU-07 to summarize the requirements and provide implementation steps. The letter has several attachments including a Quick reference guide.

Member Education
However, beyond protecting the credit union, educating members on how to be smart online is also important. As explained by the National Cybersecurity Alliance, “Cybersecurity Awareness Month reminds everyone that there are all kinds of ways to keep your data protected. It can make a huge difference even by practicing the basics of cybersecurity.”

The National Cybersecurity Alliance and National Institute of Standards and Technology (NIST) are focusing on four key behaviors for 2023’s cybersecurity awareness month.

• Enabling multi-factor authentication
• Using strong passwords and a password manager
• Updating software
• Recognizing and reporting phishing

The NIST provides a number of resources found here, including videos, fact sheets and more that you can share with you staff and members. Another source of information can be found from the Cybersecurity and Infrastructure Security Agency (CISA) through their program – Secure our World. This program includes discussion for securing your family, business and products.

Consider sharing these free resources and tips with your members to educate them on the importance of making good choices online – such as not providing account numbers and other personal information in response to text messages, emails, messenger pigeons, or what not. Or not clicking on links or opening attachments that are received via text or email.

NCUA has several tips for consumers that can be found here, including tips for securing computers, smartphones, and gaming devices.

The Federal Trade Commission also has some helpful resources for consumers including online security tips, information for educators and parents, and videos and games.

The Consumer Financial Protection Bureau (CFPB) is another source for free education tools, including print materials that could be shared with a variety of organizations, including libraries, meal sites, community centers, and faith-based organizations, to reinforce prevention and reporting of scams. Here is the “Play it Safe Online” placemat which can be ordered in bulk, and be sure to check out all the free educational resources found on the left side at the same link.
​
As always, DakCU members may contact Amy Kleinschmit with any compliance related questions. 

---