Credit Unions and GDPR: 8 Months On
The GDPR or General Data Protection Regulation became law in May 2018. If nothing else, it has helped Credit Unions refocus minds around the importance of Data Security and particularly Cyber Security. Protecting our members' Data has never been more important. Credit Unions have responded well to this new Data Protection Landscape, but we can never become complacent.
The purpose of this short article is to remind ourselves of some basic protections that a Credit Union should consider. Penetration testing: what is it? Do we need it? Firstly, penetration testing is a simulated attack by a friendly expert who we ask to “test our system” and identify vulnerabilities that could be exploited by an attacker. By actively attempting to exploit vulnerabilities, a penetration tester can provide invaluable guidance on specific risks at the Credit Union and advise how they can be fixed before they become a problem.
With just under half of all businesses in the United Kingdom advising that they identified at least one breach or attack in 2018, it is a serious matter. These companies reported incidents ranging from temporary loss of files, software and system corruption and permanent loss of data to, in some cases, stolen money and ransomware attacks.
On average, an attacker is present on a victim's network for 146 days before being discovered. 81% of reported intrusions in the UK are not detected by internal security processes but rather by news reports, law enforcement notifications, or external fraud monitoring.
You don’t need us to tell you the cost of any of these intrusions to a Credit Union, or the damage to trust it can bring.
Penetration testing is designed to deliver a realistic and targeted appraisal of the current state of your security and IT System and the risks attackers pose to your business, and, importantly, how to fix issues before they become a big problem.
CMutual has been helping Credit Unions become more aware of these threats. When the subject of Cyber Security and Cyber Awareness became an issue for Credit Unions, we reached out to ITGovernance to help. We developed a program with ITGovernance, whereby Credit Unions could undertake an on-line survey of 50 questions and testing of their IT Systems, after which the Credit Union would be awarded a CREST Certification Cyber Essentials. See http://www.itgovernance.co.uk/cuna-mutual.aspx