True or false? The asset size of a credit union largely dictates the success of a security and education awareness program.
According to CUES podcast guest Ray Murphy, CRISC, this statement is definitely false. “Regardless of size, each credit union can have a world-class information security program,” he says in this episode.
Chief information security officer and cyber security advisor for LEO Cyber Security, a CUES strategic provider, Murphy previously built out the information security program at $106 billion Navy Federal Credit Union, Vienna, Virginia. Before working at Navy FCU, Murphy’s tenure at Mobile Oil exposed him to every facet of information security—from desktop and mainframe to PCs, voice operations and even executive support.
In the show, Murphy identifies some of the biggest challenges credit unions face every day: ransomware, which holds an organization’s system hostage in expectation of a ransom payment, and business email compromise, a particular type of phishing attack that tries to trick employees into clicking on a link to release malware that will take over a company’s network.
“One of the things that organizations need to be focused on is to make sure they have a very robust incident response plan so they’re prepared … so they know what to do,” Murphy says. “If you have a threat that comes to fruition within your organization, time is of the essence.”
In this episode, Murphy also talks about the importance of securing cloud computing, having a good insider threat program and managing the regulatory environment—especially as it relates to protecting member privacy.
The show also gets into: