Saturday, June 5, 2010

Credit Unions' Top Challenge is Identity and Access Intelligence Says the National Credit Union Administration (NCUA)


Most Significant Issues for Credit Unions
Gigi Hyland, board member of the National Credit Union Administration (NCUA) highlighted Identity and Access Intelligence issues as the #1 and #2 "most significant information security threats to credit unions" in a new podcast interview with Tom Field, editorial director for Information Security Media Group.

#1 Issue - Former Employees Retain Access and Steal Data
When asked "What do you see as the current information security threats that pose the biggest challenges to your member institutions?", Hyland listed "first and foremost" theft of data by former employees after termination.
"Unfortunately, the agency is learning of cases where disgruntled former employees pilfer or otherwise corrupt key data after their employment with the credit union ends. And this creates, as you can imagine, a great deal of risk to the institutions, and I think what we are seeing is that in order for credit unions to be proactive from an internal control standpoint, management really needs to ensure that policies are in place for coordinating data access." - Gigi Hyland, NCUA board member

#2 Issue - Excessive Access Leads to Employee Misuse of Data
As for the second most significant information security threats to credit unions, Hyland explained "what we are seeing, in isolated cases is that current employees have inappropriately used or benefited from member data by providing that data to third parties such as financial management companies."
The answer she went on to say is that "Management should establish very clear expectations as to how employees should maintain confidentiality and member data and really restrict the use of data to their specific job function."

Identity and Access Intelligence as a Service
The good news is that credit unions can get outside help with Identity and Access Intelligence by outsourcing the grunt work of identifying terminated employees whose access has not been revoked and employees with excessive access rights outside their specific job function.
"when times are bad is when you see more incidents of fraud and insider/employee misuse of data and possibly fraud-related. So, we're seeing slight uptick in that, I think, because of the economic climate. But, you know, it just, it behooves credit unions to take a double-look at their internal controls in this tough time, and make sure that those internal controls are strong as they can be"  - Gigi Hyland, NCUA board member
View a 5 minute video demonstration of the Veriphyr service.


For the podcast interview see: 5 Top Security Threat to Credit Unions

No comments:

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.