News Feed

Expect a Breach and Respond with an Incident Response Plan

Thu, Jun 18, 2015

Columbia, Maryland

In today’s cybersecurity landscape, credit unions realize that the question of “if” they will be targeted by a cyber attack is no longer valid; they should be asking themselves “when” it will happen and if they are prepared. Cyber criminals, driven by various motives, continue to develop highly-focused attacks to steal a credit union’s valuable intellectual property as well as member, third-party vendor and employee data. Today’s attackers are skilled, well-funded, patient, targeted and carefully cover their tracks when gaming a system.

It isn’t reasonable to think that every cyber attack can be prevented, but it is reasonable for your members to expect you to have plans for breach prevention and incident response.  If your credit union is unable to adequately contain a breach and handle the aftermath, you will lose members.

Advice to Credit Unions

  1. Establish your incident management program now, before a breach. Once an attack has already occurred, it is too late to map out your response plan. Without a plan already in place, it is nearly impossible to contain or stop the breach while investigating and restoring IT services.
  2. Ensure your information security program enables you to identify and manage risk, not just meet compliance. You can’t perceive the effort as just another regulatory obligation. It can mean the difference between your credit union’s recovery and future success or irreparable damage.
  3. Manage your information security and incident response throughout the year. Implement a program that defines your procedures, tests them, and trains as many people inside and outside of IT as you can. Set a baseline today, layout a roadmap for future improvement, and begin developing relationships with peers and other industry experts to share best practices.

Author: TraceSecurity – a leader in cloud-based information security and compliance management solutions.

Learn how one credit union leveraged TraceSecurity’s cloud-based software solution, TraceCSO, to create an incident response policy as well as leverage pre-built workflow, forms and testing capabilities that allowed the institution to prove their capacity to recover from a breach. Click here to download the TraceCSO Incident Response Use Case.