Cybersecurity Compliance

Cybersecurity is a systemic risk that affects all levels of business, government and ordinary people. It is such a high risk area for credit unions that the National Credit Union Administration (NCUA) placed cybersecurity as a top focus for exams. As the cybersecurity world continues to evolve, it's important that your credit union is prepared for possible threats. Be proactive and shield your credit union from the ever-changing cybersecurity universe now.

Below you'll find credit union resources for cybersecurity compliance, including an interactive cybersecurity assessment tool, insightful blog posts, articles and webcasts, to help you stay on top of this evolving issue.

Resources marked by * are member-only. If you are not a NAFCU member, learn more about membership.

Charts & Guides

• NAFCU FFIEC Cybersecurity Assessment Tool Workbook* (Updated 3/5/18)
  An editable, self-tallying file that allows credit unions to self-test cyber risk and readiness in a shareable format with a visual result.
• [SAMPLE] NAFCU FFIEC Cybersecurity Assessment Tool Workbook
  Not a NAFCU member? Download a sample workbook to calculate your credit union's inherent risk profile for delivery channels and cybersecurity maturity for threat intelligence and collaboration.
• FinCEN Cyber Threats Advisory (October 25, 2016)
• FinCEN FAQs Regarding the Reporting of Cyber-Events, Cyber-Enabled Crime, and Cyber-Related Information through Suspicious Activity Reports (October 25, 2016)

Articles

• Special Topic: Cybersecurity*
• Cybersecurity Exam Preparation 
• Cybersecurity: Into the Breach 
• The Before and After of the Equifax Breach*
• FFIEC 2016 Updates to the IT Handbook*
• Data Security Breaches at the Hands of Retailers, But at the Expense of Credit Unions: A Review of Current Litigation and Legislation*
• FFIEC Updates the Management Section of the IT Handbook*
• Getting a Head Start on Cybersecurity Exam Preparation*

NAFCU Compliance Blog Posts

• Updating the Safeguards Rule, But Not for Federally-Insured Credit Unions (September 4, 2019)
• In with the New: NCUA’s 2019 Supervisory Priorities (January 9, 2019)
• “Beware: Cyber Scares!” (October 31, 2018)
• CFPB Issues Consumer Protection Principles on Data Sharing (November 13, 2017)
• Untangling Service Provider Breaches (October 13, 2017)
• After the Equifax Epic Data Breach Fail - What Next? (September 15, 2017)
• New York's DFS Final Cybersecurity Requirements – Will Others Follow? (July 28, 2017)
• Updated FFIEC Cybersecurity Assessment Tool (June 9, 2017)
• Hackers Access Billions of Records: Are your Members Protected? (April 7, 2017)

Follow all Cybersecurity-related blog posts on The NAFCU Compliance Blog

Webinars

• What’s new in Cybersecurity for 2019
• Cloud Cybersecurity Governance, Oversight and Risk Management
• The Current Cybersecurity Playing Field, and How Your CU Can Level It
• Cyber Training for Board Members
• Cybersecurity Insurance for Credit Unions