Home » Publications & News » Publications » Articles by Our Experts » ITS Articles » 3 Keys to Dependable IT Security

3 Keys to Dependable IT Security

 By Teresa Brent, Product Manager, Alloya Corporate FCU

Charles M. Schulz, creator of the beloved Peanuts comic strip, wrote a book called “Security is...” In his book, various members of the Peanuts gang explain what security is for them. For Snoopy, security is a full dish of food; for Sally, it is having a big brother; and for Linus, it is a thumb and a blanket. Like each Peanuts character, security or peace of mind for each credit union is unique. But unlike the Peanuts gang, credit unions need more than a security blanket to achieve peace of mind. The key to achieving information technology security is to identify your biggest concerns (by likelihood and impact), and then find ways to eliminate or mitigate their impact should they occur.

What keeps you up at night? What causes you to feel insecure when you think about your credit union’s information technology (IT)? Perhaps the following are familiar concerns.

  • Rising IT costs.
  • Uncertainty over whether your credit union is really prepared to handle a natural disaster – or even a simple power outage.
  • The security of confidential Or, you worry that your web email provider will be the source of malware for your members.
  • Your staff’s IT expertise and whether it is current in an ever-changing IT world.
  • Demanding regulations and the ability to comply.

Let’s discuss some of the keys to achieving IT peace of mind today.

Key 1: Cost Containment

Information technology changes quickly. Your members expect you to keep up, but no one wants to pay more for what they receive. The capital costs associated with cutting edge technology can quickly bleed your available capital dry. And if you don’t keep up, the costs to maintain older and out-of-date IT solutions can open you up to less reliable services for your members. This could lead to higher regulatory scrutiny, which can be even more costly.

So, how do you contain the ever-rising costs of IT infrastructure at your credit union?

It is expensive to own, upgrade or replace equipment. And it isn’t just the cost of the new equipment: housing the equipment with the right physical security and environmental requirements, the utilities associated with running it, the additional insurance required for it being located onsite, the staff and/or consultants to manage and upgrade it, etc. all play a factor in the overall cost. To do it right requires multiple environments to ensure your members are not without service during testing, upgrades or disasters.

Credit unions may want to consider procuring IT services in a utility-model fashion. This is an option that will allow you to use what you need, when you need it, while only paying for what you use. Rental servers, storage, network, bandwidth and infrastructure licensing can all be accessed to meet your needs, with redundancy and no single points of failure, without paying for 100% of each resource.

Another option for credit unions to consider is to contract for managed hosting or remote managed IT services. Managed host or remote managed IT staff can help provide monitoring at a reasonable cost.

With this model you are sharing monitoring resources, allowing your staff to better focus on meeting the day-to-day IT needs of your credit union and its members. It also can provide your credit union the option of ongoing education, experience in varying environments and troubleshooting a variety of issues, without any additional cost.

Key 2: Reliability

You are “all set!” You have in-house IT, a full time IT staff and a contract for disaster recovery in place, right? Well, before you sigh, roll over and sleep soundly, ask the following questions to ensure you own this key to IT security:

  • How often is your data backed up? Weekly? Daily? Hourly? Constantly?
  • Where is your data backed up to? Onsite, offsite locally? Over 200 miles away?
  • How quickly can your data be restored? Within hours? Days? Weeks? Does your IT staff get to sleep during this time?
  • Have you ever tested application recovery and user access to ensure there are no technical limitations to your strategy or plan?
  • How quickly can your members access the applications that house their data?
  • Do you have enough IT staff and the tools you need to monitor your operations around the clock?
  • Do you have enough coverage to handle IT staff illnesses, vacations, educational class attendance or an employee who decides to leave?
  • How do you keep your IT staff up to date with the latest technology and security issues and still ensure adequate daily coverage within your budget?

Contracting for managed hosting or remote managed IT services can help ensure that data is backed up and stored in a location that is less likely to be affected during a local disaster. In the case of a disruption, data can be quickly and efficiently restored, providing your members consistent service when they may need you the most.

Whether you choose to have your IT systems managed at a host location or onsite, if your credit union contracted for 24x7 alert monitoring and remediation, then identifying and diagnosing potential problems before an outage occurs can become easier.

Key 3: Email Security

Let’s face it, the worst nightmare for your credit union would be a breach of data security. We could easily add several more pages just on all the security measures credit unions can take. For now, let’s take a look at email security. Consider the following questions:

  • How do you explain to members, who rely and trust you to care for their financial security, that you were containing costs and didn’t feel you could afford a communication tool that would safeguard their non-public data?
  • After a breach, how do you explain it to regulators, while communicating to members and dealing with the cost/time needed to make corrections?

This key to IT security can be easily implemented through hosted email. For any organization with fewer than 300 email users, this solution is likely more cost effective than an in-house email system, especially when including servers, licenses, helpdesk support, etc.

A hosted email solution can ensure that communications are safeguarded and meet compliance requirements. It can allow you to use your credit union’s brand image in your email address. In addition, with the right provider, your credit union can receive software licensing, support, ongoing email application upgrades, SPAM and virus protection, local and remote back-ups and annual disaster recovery testing.

In conclusion…

When considering contracting for managed IT services, the right provider will share their annual SSAE 16 SOC2 (formerly SAS70 Type II) audit. This satisfies your due diligence for security processes and regulatory requirements, lowering your cost of compliance, documentation and testing. With the right provider, you can ensure that your credit union data continues to belong to you even while it is cared for safely and securely by your host.

If your credit union is looking for real IT security, taking advantage of the increased capabilities of a trusted partner who offers managed cloud hosting, disaster recovery services, remote monitoring, hosted email and IT expertise can offer more than just a security blanket for your IT concerns. It can offer true peace of mind.

Teresa Brent can be contacted at teresa.brent@alloyacorp.org. For additional information, please visit www.alloyacorp.org/technology-solutions .