Last month, 60 credit unions around the country faced outages as a result of a ransomware attack. In light of this, Think|Stack CEO Chris Sachse wanted to share the following advice to credit unions that are concerned about this kind of situation and have questions.
First, we are here to help. If you have any questions or would like to talk with one of our credit union IT experts, please don’t hesitate to reach out to us, and we’ll schedule a call as soon as humanly possible. As a CUSO, our mission is to serve credit unions at all times, especially during a crisis.
Here are several immediate things you can be doing:
- Engage With Your Legal and Insurance Representatives: We strongly advise you to consult with your attorneys and assess your insurance or bond coverage. These discussions can guide your response strategy and outline any potential financial remedies.
- System Testing: Initiate a comprehensive test of your systems. In particular, those credit unions using FedComp but housing servers in-house must ensure operations are stable, as FedComp is the current focus area for the NCUA. Follow the 3-2-1 plan for backups: 3 copies of your data, stored on 2 different types of media, with 1 copy hosted offsite.
- Intrusion Prevention: Implement best practices such as regular penetration testing, vulnerability scans, and software patches to detect and fix potential security flaws. If you engage a third-party vendor for these services, are they regularly reviewing results and making recommendations?
- Incident Response Planning and Training: This is crucial to maintaining order during a cyber event. Establish a clear incident response protocol that involves all key stakeholders, including management, IT, legal, and communication teams. Make sure everyone understands their role and practice! This plan should also focus on data recovery, business continuity, and system restoration. And remember — cyber attacks often happen when you are most vulnerable, such as nights, evenings, weekends, and holidays. If you have questions about your incident response plan or would like to schedule a one-time or regular staff training session — let us know.
- Communicate with Vendors: We understand that communication can be a challenge during these incidents, especially with parties that are directly dealing with the breach. Persistence and alternative lines of communication are essential. Consider contacting other trusted cybersecurity vendors for disaster recovery support and advice, but no matter what course of action you take — don’t do nothing.
- Have a Plan: Review your risk mitigation and business continuity strategies. Are there dependencies or single points of failure along the way that should receive attention to remediate? Have you tested your business continuity plan? Have you or your vendor tested your backups in the last 6-12 months to validate they would be available for restore if needed? Do you know how often backups are taken and the minimum time frame that you could revert to? How much data would your organization lose in this case: is it one hour, one day, etc.?
We understand that having access to clear and consistent information can be a significant challenge at this time. Our goal is to fill that void and ensure our credit union community has access to updated information and best practices. We will continue working closely with the NCUA and other partners to keep you informed and help you navigate these turbulent times.
Stay vigilant. Our collective cybersecurity is only as strong as the weakest link. Your proactive action today can make a substantial difference in our shared security tomorrow.