This blog first appeared in Credit Union Times.
‘Data breach announced’ is a headline no organization wishes to see, and yet it appears more frequently year after year. Organizations have to handle a variety of different data sources in order to operate effectively, and financial institutions are no exception. Most organizations partner with vendors, and in all likelihood those vendors have vendors of their own, so data management quickly escalates to include third-party (and in some cases even fourth-party) data. You should be taking steps to ensure your organization is establishing secure data management best practices.
4 Important Data Management Tactics for Credit Unions
- Data Security
Security protocols should include a comprehensive management system that provides a proactive approach to building more stringent security measures and continues to keep your data secure.
Practical Questions to Ask:
- How is your data stored? Data should be housed in a physically secure environment with 24/7 monitoring that restricts access to authorized individuals and detects all access attempts. Systems and devices processing or holding data should also be protected with encryption, antivirus, and/or antispyware software.
- How are you testing your network? Rigorous security testing provides opportunities to exercise the protocols currently in place and to create (or recreate) attack simulations. Security testing can include, for example, penetration testing, code scanning, or vulnerability assessments.
- What are your security operations and protocols? Security controls should be developed, operationalized, and monitored to protect your data. These operations can include a comprehensive control framework, playbooks, and incident response preparedness activities to ensure that threats are prevented, detected, triaged, and responded to.
Read the Blog: "Protect Your Data from Cybercrime with Remote Workers" to learn strategies to protect your data as COVID-19 forces more employees to work remotely.
- Data Compliance
Compliance protocols help establish vendor manager protocols and due diligence expectations for both internal and external use. It’s important to regularly review any updated regulations with your counsel to determine what additional steps and disclosures you may need to add to remain industry compliant.
Practical Questions to Ask:
- Do you have an established vendor management program? A third-party risk management program helps prevent data exposure that may originate from your vendors and your vendors’ vendors through an established set of protocols.
- How often do you review audits? A comprehensive, independent risk audit (e.g., a SOC 2 report) can help identify and resolve data security weaknesses or threats at your vendors. An independent external audit helps give assurance that proper security controls are in place.
- Are you remaining educated on changing legislation? Stay educated on legislative requirements and how they impact your business operations. For example, recent legislation on data privacy requires consumer consent and disclosure notices to be shared.
- Data Privacy
Credit unions not only need to protect their data, they need to have processes that comply with privacy legislation and best practices.
Practical Questions to Ask:
- What is our privacy policy? Privacy policies should be implemented in day-to-day operations and regularly reviewed and assessed for compliance updates. In the wake of new data privacy laws like GDPR, CCPA, and GLBA, organizations are being held accountable for their data management.
- How are we protecting member data? Establish a data governance program that helps data remain protected, private, and secure. This includes placing safeguards, establishing internal employee controls, developing employee training, and adapting technology solutions to help manage member data effectively and responsibly.
Download our White Paper: "Protecting Your Data With Vendors" to learn actionable steps you can take to keep your sensitive data protected, no matter where it lives.
- Data Reliability
Data management systems need to be reliably accessible, which means regularly assessing the quality of the controls and protocols in place. You also need to be prepared to act appropriately in the event of a data breach, so make sure you have a plan.
Practical Questions to Ask:
- Do we have a business continuity plan in place? A documented plan identifies processes for managing response activities and recovering operations without neglecting security or compliance. These plans ensure that the impact of a service disruption on consumers is minimized.
- What are our quality controls? Build and implement quality controls at key points within your data management system. Controls should be routinely audited by internal and trusted third parties to ensure that any defects are caught and remediated early. Processes such as code reviews, non-production environments, and both automated and manual QA testing can help find issues early in the process.
Data regularly expands outside of the credit union, and it remains an important responsibility to ensure employees and vendors follow data management best practices to keep consumers and your business protected.
Bio: Joshua Gideon is the Manager of Audit, Risk, and Compliance at Allied Solutions in Carmel, Ind. He leads teams responsible for evaluating the data security and compliance standards of Allied's vendors, partners, and customers to help ensure the highest security control standards.