
Credit Union's Reliance on Third Party Service


For years, credit unions and the rest of the financial industry have been expected to implement risk management processes and plans that address resilience in the face of existing and emerging risks. Previous guidance on resilience tended to focus on catastrophic disasters or other events that affect credit union operations. Moreover, previous guidance focused on how to minimize financial loss to the credit union and continue to serve members with minimal disruptions in the face of a disaster.

In February of this year, FFIEC added Appendix J, Strengthening the Resilience of Outsourced Technology Services (Appendix J or Guidance), to the Business Continuity Planning Booklet (BCP Booklet) of the IT Handbook. In general, Appendix J …

Under the new Appendix J’s Business Continuity Plan (BCP) cyber resilience guidelines, credit unions and their third-party service providers need to consider and incorporate the potential impact of a cyber-event. FFIEC notes five categories of cyber risks credit unions and their third-party service providers will need to address when updating their BCPs: 1) malware, 2) insider threats, 3) data or systems destruction and corruption, 4) communication infrastructure disruption, and 5) simultaneous attack on financial institutions and technology service providers. Below is a brief description of the five categories and FFIEC’s recommendations:

Malware. The use of malware in cyber-attacks against businesses is increasing. Malware is software that is intended to compromise computers and computer systems. Malware can be introduced into systems through a variety of methods, which include phishing emails and visiting compromised websites.

To address the risks posed by malware, FFIEC recommends credit unions and their third-party service providers use a layered anti-malware strategy, which includes integrity checks, anomaly detection, system behavior monitoring, and employee security awareness training. FFIEC also recommends strong passwords, appropriately controlled mobile devices, controls over access to social networks, regularly patched software and operating systems, and controlled and monitored internet access.

Shortly after issuing
