NJCUL Encourages CUs to Get Cybersecurity Ready!
in Compliance & Regulatory
By: Nicola Foggie, NJCUL Vice President, Compliance and Regulatory Affairs

Is your credit union cybersecurity ready? In May of last year, the National Credit Union Administration (NCUA) communicated to credit unions in the wake of the “WannaCry” global ransomware attack, reminding them to verify they had effective controls in place to prevent similar cyberattacks.

The WannaCry attack hit more than 300,000 victims in 150 countries, including the U.S., disrupting critical infrastructure, businesses, financial institutions, and healthcare markets. Then, on September 7 of last year, the public found out about the Equifax data breach. In the wake of the breach, credit unions, like other businesses, found themselves scrambling to notify their members and checking to see what, if any, impact the breach and its direct or indirect partnerships with Equifax, would mean to the security of their members’ private data.

Here we are in 2018. In response to the critical impact of information technology and information security breaches (also known as cyberbreaches, cyberattacks, cyberhacks) NCUA has developed and will begin using its NEW Automated Cybersecurity Examination Tool (ACET) this year. The ACET provides NCUA with a “repeatable, measurable and transparent process for assessing the level of cyber preparedness across federally insured institutions,” according to the agency in its Letter to federally-insured credit unions CUs: 17-CU-09, Supervisory Priorities for 2018. NCUA also said, The ACET incorporates appropriate standards and practices established for financial institutions. It also aligns with the Cybersecurity Assessment Tool developed by the FFIEC for voluntary use by banks and credit unions. Therefore, we encourage credit unions to continue to self-assess their cybersecurity and risk management practices using the Cybersecurity Assessment Tool if they do not have an alternative method of assessment”.

NCUA will begin using the ACET in examinations of larger credit unions with more than $1 billion in assets to create a baseline for the cybersecurity maturity level of the largest and most complex institutions. The agency will continue to test and refine the ACET through 2018 to ensure it scales effectively for smaller, less complex institutions 

The Financial Services Information Sharing and Analysis Center (FS-ISAC), along with CUNA, will host a webinar with NCUA examiners to explain the new Automated Cybersecurity Examination Tool (ACET). The free webinar is scheduled for April 5, from 3 to 5 p.m. (ET)

Resources: 

To schedule a Cybersecurity Assessment Review on your credit union, contact Nicola Foggie at nfoggie@njcul.org.

Click here for more information about additional audits the League provides.

Click here for Free CU cybersecurity webinars from FS-ISAC