Cybersecurity and resilience are serious economic concerns rapidly spreading throughout the credit union industry as the risk of data breach and fraud continues to expand. As an engaged and committed CUSO, CU*Answers has the professional resources available to learn about cybersecurity requirements and help credit unions design and build the infrastructure needed to continually monitor and enhance the security of their systems and to protect member information.
On this page you can:
- Have your Board review the basics of cybersecurity through our Cybersecurity Literacy series.
- Review CU*Answers’ policies or use our templates to create your own.
- Review CU*Answers’ responses to the FFIEC Risk Assessment and download your own assessment template.
- Review and download the FFIEC and NCUA’s cybersecurity resources.
- Contact our Disaster Recovery, AdvantageCIO, and AuditLink professionals if you need further assistance with your cybersecurity program.
Cybersecurity Literacy for Credit Union Directors
In the tradition of our Financial Literacy for Board Directors, CU*Answers has produced a video to help guide your board of directors on the basics and terminology of cybersecurity. Remember that the FFIEC and examining bodies are expecting “the need for engagement by the board of directors and senior management, including understanding the institution’s cybersecurity inherent risk.” This video and materials are free to not only credit unions in the CU*Answers network, but to any financial institution in the country that wants to take advantage of this opportunity.
Policies and Manuals
Policies and Templates. CU*Answers has several templates you can use to help craft your own cybersecurity program.
- CU*Answers Cybersecurity Policy (PDF)
- CU*Answers Information Security Policy (PDF)
- CU*Answers Acceptable Use Policy (PDF)
- Cybersecurity Policy Template for Credit Unions (Word)
- Information Security Program for Credit Unions (Word)
- Acceptable Use Policy Template for Credit Unions (Word)
- Building a Solid Cybersecurity Foundation NACUSO 2016 (PDF)
- Building a Solid Cybersecurity Foundation NACUSO 2016 (PPT)
FFIEC Risk Assessments
- CU*Answers Risk Assessment (PDF)
- FFIEC Risk Assessment Template for Credit Unions (Excel)
- FFIEC Risk Assessment and Maturity Model Template (Excel)
The FFIEC Risk Assessment and Maturity Model Template was originally developed by Tony DiMichele on his website.
Note: CU*Answers does not recommend using the FFIEC Maturity Models as they are not likely to be applicable to the credit union industry. For additional information, as well as arguments you can use for your examiners, please see the following document:
CU*Answers Key Audit Results
If you need audit reports from CU*Answers, you can download them from this link:
FFIEC, NCUA and CU*Answers Assessment Tools
FFIEC Cybersecurity Assessment Tool. This link will take you to the FFIEC page that describes the new FFIEC Cybersecurity Tool and offers guidance on how to complete the assessments. Clicking this link will take you to the FFIEC website.
NCUA Cybersecurity Resources. This link will take you to the NCUA Cybersecurity Resource Page and guidance. They have a link to their AIRES IT Examination Questionnaire which provides information on the types of questions you can expect at your next examination. Clicking this link will take you to the NCUA website.
Online Banking Risk Assessment. This link will take you to the CU*Answers page that has all of your key information for assessing risk to Online Banking and configuring PIB. CU*Answers strongly recommends turning on PIB if your credit union has not already done so! CU*Answers can help with PIB if you need it.
Disaster Recovery and Business Resumption
Cyber Resiliency is part of financial institution requirements. If you have concerns about your own ability to recover from a disaster or need information on CU*Answers resumption testing, these links will help you get started.
1 (contains PDF reports on the latest CU*Answers Disaster Recovery Tests)
Need help with technology solutions at your credit union? AdvantageCIO is our answer to all your technology management needs, including Cybersecurity assessments. Contact us for help today!
Need help with compliance or configuring security on CU*BASE? Contact AuditLink for a consultation. AuditLink can assist not just with CU*BASE security questions, but also with OFAC/BSA and cost of compliance questions.
Online training for your staff is available through our partnership with CU Training Inc. If you haven’t already, check out this opportunity to help you staff stay in the know on key cybersecurity concepts.