National Credit Union Administration head Debbie Matz said on Monday that the credit union system needs to be prepared for potential cyberattacks to protect members’ data and to satisfy regulatory authorities.
“A data breach – even if it’s outside the financial system – can have enormous negative repercussions inside the financial system,” Matz said. “No matter how far removed a data breach is from your credit union, if it affects your members, you can pay dearly – both in terms of your reputation and your balance sheet.”
Matz said agency examiners will be looking at credit unions’ risk mitigation controls and how well they protect, detect and recover after a security breach. She said credit unions will need to address or improve vendor due diligence, patch management, employee training, password policies and network monitoring.
While data breaches remain a primary security risk, Matz said attacks by hackers who use stolen passwords to access credit bureaus and targeted attacks on credit unions are also chief security concerns.
“When these attackers break through, websites crash,” Matz said. “Members are unable to access their accounts. It can take hours to bring systems back online. Think about the damage they could do.”
Matz said in order to prepare for cyberattacks, credit unions should share best cybersecurity practices at league and industry meetings, adding that the NCUA is partnering with law enforcement and financial agencies to improve its own cybersecurity.
“NCUA needs to be ready,” Matz said. “The credit union system needs to be ready. Working together, we will be ready.”