Can You Answer These Questions?

September 9, 2021 at 9:57 am

Just as there are people who read the obituaries and take silent satisfaction from the fact that they are not the ones being written about, let’s face it, there are those of us who are silently relieved when we read the latest blogs and trade press and confirm that our credit union has not been victimized in a way that makes the news.

Recently there has been a lot of talk in credit union land about the fired credit union employee who pleaded guilty to taking revenge on her former employer by destroying sensitive information maintained on the credit union’s computer network. The credit union apparently had the right procedures in place, but the employee’s access to the computer network was not turned off, resulting in $10,000 in recovery costs.

While you may be relieved that your credit union is not the victim, the incident underscores that, irrespective of your credit union’s size, it is incumbent on you to know precisely where your information is and who has access to it. By the way, this is important not only to guard against an employee going mad but also because federal and state law will increasingly make it essential for your financial institution to know who has access to what information and why, as well as to accommodate your members’ requests to transfer or delete information.

With that long-winded lead-in, how would you answer these questions?

  • Does your computer network allow you to make distinctions between the level(s) of access provided to employees?
  • Assuming it does, who decides what person(s) get access to the different parts of the network?
  • In your vendor contracts, do you require that vendors have access only to the parts of the computer network that they need to perform their job?
  • Do you require that vendors will only use the information for the purposes for which they have contracted?
  • Do you require that they have protocols in place to ensure that access to your network is terminated when employees leave or the job is done?
  • Do you require your employees to use multi-factor authentication to access the computer network?
  • Do you hold employees accountable for repeatedly failing to comply with basic cyber security protocols, for example by repeatedly clicking on suspicious links?
  • Most importantly, do you think Toronto is going to pass the Yankees or the Red Sox to get a wild card spot? I asked that last question to see how many of you were still paying attention.

The point I’m trying to make with all these questions is that your credit union must design safety protocols that limit network access to the employees who need it, that allow you to track where your information is located, and that allow you to quickly access this information. No one is capable of anticipating or guarding against all of the wacky ways your network may be attacked, but proper compartmentalization of data will help minimize damage and help prepare you for data portability standards.

Entry filed under: HR, Legal Watch, New York State, technology.



Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advice from retained counsel.
