NAFCU Services Blog

Oct 15, 2019

Part 2: An Executive’s 3-Point Checklist for Cybersecurity

By Steve Soukup, Chief Revenue Officer, DefenseStorm

In Part 1 of this series, we outlined what exactly constitutes a data breach, and the first of three important ways to protect your credit union.

For a thorough and successful protection plan, the second point on your cybersecurity checklist must be to establish an information security policy, business continuity plan, and incident response plan.

4 Phases of a Business Continuity Plan

1.  An information security policy should ensure that anyone using information technology within the domain of your credit union or your networks complies with rules and guidelines in place to protect the security of information stored digitally at any point in your network or within your four walls.

2.  A business continuity plan outlines how your credit union will respond to and recover from business disruptions, including those caused by cyber events. This plan has four defined phases:

  • Response – assess disruption and impact
  • Resumption – establish a control center and activate your teams
  • Recovery – prepare and implement procedures to recover time-sensitive operations
  • Restoration – prepare and implement procedures to fully restore services

3.  Finally, an incident response plan is a systematic and documented way to manage situations resulting from IT security incidents or breaches. With this, specificity is critical. This is your credit union’s opportunity to define how it will identify, respond to, limit and counteract security incidents as they occur.

Stay tuned for Part 3: An Executive’s 3-Point Checklist for Cybersecurity. Click here to subscribe to the blog.


About the Author