Bobby Gould

Credit Unions and GDPR: 8 Months On

The GDPR, or General Data Protection Regulation, became law in May 2018. If nothing else, it has helped Credit Unions refocus minds around the importance of Data Security and particularly Cyber Security. Protecting our members' Data has never been more important. Credit Unions have responded well to this new Data Protection Landscape, but we can never become complacent.

The purpose of this short article is to remind ourselves of some basic protections that a Credit Union should consider. Penetration testing: what is it? Do we need it? Firstly, penetration testing is a simulated attack by a friendly expert whom we ask to “test our system” and identify vulnerabilities that could be exploited by an attacker. By actively attempting to exploit vulnerabilities, a penetration tester can provide invaluable guidance on specific risks at the Credit Union and advise how they can be fixed before they become a problem.

With just under half of all businesses in the United Kingdom advising that they identified at least one breach or attack in 2018, it is a serious matter. These companies reported incidents ranging from temporary loss of files, and software and system corruption, to permanent loss of data and, in some cases, money stolen and ransomware attacks.

The average time an attacker is present on a victim's network before being discovered is 146 days. 81% of reported intrusions in the UK are not detected by internal security processes but rather by news reports, law enforcement notifications, or external fraud monitoring.

You don’t need us to tell you the cost of any of these intrusions to a Credit Union, or the damage to trust it can bring.

Penetration testing is designed to deliver a realistic and targeted appraisal of the current state of your security and IT System and the risks attackers pose to your business and, importantly, how to fix issues before they become a big problem.

CMutual has been helping Credit Unions become more aware of these threats. When the subject of Cyber Security and Cyber Awareness became an issue for Credit Unions, we reached out to ITGovernance to help. We developed a program with ITGovernance, whereby Credit Unions could undertake an on-line survey of 50 questions and testing of their IT Systems, after which the Credit Union would be awarded a CREST Certification Cyber Essentials. See

