With the recent headlines about yet another data breach affecting credit unions and their members, I wanted to point you to a resource that might help you respond effectively. Because this isn’t the first data breach and it certainly won’t be the last.
We’ve posted a recording and accompanying slides from a Data Breach Preparedness presentation from the 2012 NAFCU Technology and Security Conference for your information, as you look to how to address this most recent incident. The presentation was made by Christine El Eris, Director, Product Management for Affinion Group (one of our Preferred Partners, for ID Theft solutions), and focuses on best practices for responding to members, partners and stakeholders during and after a breach. Not surprisingly, Christine stresses the importance of putting steps in place in advance and provides tools and guidelines for breach preparation and response.
I’d say that the audience was divided into those that felt they were already well-prepared for a data breach (perhaps assisted in the process by prior experience), and those that had some work to do (perhaps colored by not having had prior experience). But it seemed like everyone came away with something new to do or to think about after Christine was finished. Or it may just be that this is one of those issues that is an ongoing challenge, and there is always something you can learn about preparing for the next time.
Christine caught my attention right of the bat with a look at a textbook case of what NOT to do, the Sony Xbox breach. She continued with details of critical steps for credit unions to mitigate the risk and loss associated with a data breach:
- Assemble your response team
- Conduct a risk assessment
- Comply with federal and state regulations
- Set up a call center
- Utilize outside experts if needed
If you look over Christine’s suggestions, one of the unspoken but clearly essential components is buy-in from senior management. Not just on implementing a process but on allocating the resources needed to do it right.
I’ll let you get the details from the full recorded presentation, and I urge that you do. Although we may have mounds of challenges to face each day and to-do lists growing by the minute, don’t let data breach preparedness and response fall to the bottom of your list. These things do happen, more often then we’d like to think, and the effects can be devastating.
The last part of Christine’s presentation focuses on how the Affinion Security Center can help with some of these challenges, as well as provides a few case studies of breach response in financial institutions.
Post written by Dave Frankil, President, NAFCU Services Corp.