What to Know From Recent CUNA, NASCUS Cybersecurity Symposium

Earlier this month, NASCUS and CUNA hosted their third Cybersecurity Symposium in Chicago, Illinois. The Cybersecurity Symposium focused on all things cybersecurity related including best practices, recent trends, and technical configurations. The symposium also thoroughly addressed the FFIEC risk assessment tool from all perspectives, including the Board of Directors, compliance professionals, IT professionals and state and federal examiners. Throughout all of the discussions, two main points stuck out.

Employee vulnerability

Regardless of how robust a cybersecurity program is, employees still post a large risk for credit unions as they can fall for social engineering and phishing attempts. Unfortunately, there is no way to protect 100 percent against these types of threats, but employee training can go a long way. In order to ensure the training is effective, credit unions should try to focus on prevention of phishing and social engineering attempts on a continuous basis as opposed to discussing it only during a scheduled annual training. A continuous conversation keeps this very important topic top of mind for employees which will aid in them preventing such attempts from becoming successful breaches.

No credit union or community is immune from breach

A few years ago, the public associated cybersecurity breaches with large institutions, but this is no longer the case. Because cybersecurity breaches occur for so many reasons (ransom, denial of service, ID theft, monetary gain, hactivism, etc.), the criminals do not discriminate by asset size or community size when planning a cybersecurity attack.

There are things that can be done to help secure the data the credit union holds. For example, encrypting data can go a long way toward protecting sensitive information. Credit unions can also implement strict password requirements, limit system access, and monitor network activity to detect anomalies.

For a list of best practices that credit unions can implement to help protect sensitive date, visit our Cybersecurity Resource Page at nwcua.org/compliane/cybersecurity. If you have questions related to cybersecurity, please email us at compliance@nwcua.org.


Compliance Question of the Week

If a check is made out to two people, can a credit union accept it for deposit with only one signature?

If a check is made out to two or more people and indicates that the funds are jointly owned (for instance, with an ‘and’ joining the parties), all parties are required to sign the check. If, on the other hand, the check indicates that the funds belong to any one of the people on the check (for instance, with an ‘or’ joining the parties), any one of the signatures is required.

When it is impossible to determine whether the funds are jointly or alternatively owned (for instance, with only a comma separating the parties), the assumption is that the check is payable to the people alternatively and therefore only one signature is required.


RCW 62A.3-110(d)

ORS 73.0110(4)

Legal Briefs

National Credit Union Administration (NCUA)

The NCUA announced that the video of its most recent board meeting is now available.

The NCUA released a new guidebook aimed at providing strategies for credit unions to provide digital services to members, along with internal analysis that should be performed when considering mobile services.

Office of Foreign Assets Control (OFAC)

OFAC has updated the SDN list as of August 4, 2016. The last update prior to this was August 3, 2016.

Questions? Contact the Compliance Hotline: 1.800.546.4465, compliance@nwcua.org

Posted in Compliance News, Federal, NWCUA.