Risk & Fraud

Evolving Operations and Security in the Post-Coronavirus Business World

By: Gene Fredriksen, Security Strategy Consultant

The impacts from COVID-19 have undoubtedly left an indelible imprint on our world. The pandemic has fueled a health and economic crisis that will have a long-lasting impact on customer attitudes, behaviors and purchasing habits. In reflecting on my own experiences, my attitudes toward online shopping and purchasing habits have changed. While I’ve used Amazon and other online shopping services in the past, I find myself using digital services more regularly for things like grocery shopping and prescription delivery. I even had a virtual appointment with my doctor recently. Many of us have adapted to using new tools for staying in touch, like video conferencing with friends and family, and taking up online hobbies and classes. My grandchildren are even taking taekwondo and clarinet lessons online during this stay-at-home time.

After just a few months of living in a new service world, consumers are embracing the expanded role of digital commerce, which will certainly extend into credit unions’ interactions with members. The main questions for credit unions include “What are the traditional face-to-face services that members will want to perform remotely?” and “What security and compliance issues could emerge when meeting those expectations?” In the COVID-19 context, credit union leaders must strike a critical balance between security and privacy, while considering cost and convenience. While this will require thinking outside of the box, we’ve seen that remote work can not only work, but there are also several operational and cost advantages.

Credit unions are now faced with new member expectations, enhanced security risks, office closures and reopening planning. The majority of credit unions I’ve spoken with predict a long-term increase in the virtual workforce. Many are also looking at alternative plans to avoid physical office expansion, freeing up capital for member-facing programs. However, these advantages don’t come without risk to the organization. This new operating model has become the focus of cybercriminals globally. Thousands of new attacks and scams are flooding the marketplace to cash in on weak spots in this new business model.

Adapting to New Business Model Strategies

How should the credit union respond to new operating models? A successful effort will include forming teams to evaluate the issues using an Assess, Prioritize and Act strategy.

  • Assess:
    • Redefine relationships with members and employees when using a remote workforce.
    • Redefine credit union supply chains and partner relationships. Are cyber and regulatory risks being managed?
    • Catalog and reevaluate the product and service offerings with a focus on offering them in a remote services model.
  • Prioritize:
    • Create a roadmap for new and modified apps.
    • Create a SWAT team to set and track KPIs (performance and security) for all new processes and report to management.
    • Involve Enterprise Risk and Info Security teams to perform a risk assessment on new business models and delivery methods.
  • Act:
    • Modify disaster recovery plans to include pandemic risks.
    • Review operational and capital budget plans for the remote member and employee model.
    • Build a flexible remote workforce staffing plan.
    • Train all users on cybersecurity issues regularly.

Staff Implications

If remote employees are not educated and trained to defend member information, even the most secure networks will not be sufficient. The most robust security plans for any organization involve a combination of people, process and technology options. In this new world, a simple once-per-year security training will not be effective due to the sheer number of new cyberattacks and exploits. Work with your credit union’s HR, IT, Marketing and Compliance departments to build innovative programs that keep security top of mind for remote workers.

We must continue to build the brave new post-COVID-19 business world on a solid foundation of security and trust. Trust is critical to maintaining and strengthening member relationships in providing new, innovative services and secure delivery models. Security and privacy are still significant issues for members. Now is the time to explore opportunities to enhance these areas to deliver excellence in member and information security.

Gene Fredriksen is a co-founder and current executive director of the National Credit Union ISAO and the principal cybersecurity consultant with PureIT CUSO. He has previously held the positions of CISO for PSCU, Global CISO for Tyco International, principal consultant for security and risk management strategies for Burton Group, vice president of technology risk management and chief security officer for Raymond James Financial, and information security manager for American Family Insurance.

Fredriksen served as the chair of the security and risk assessment steering committee for BITS, and also served on the R&D committee for the financial services sector steering committee of the Department of Homeland Security. He also served as an advisor on various cybersecurity steering committees for the administrations of George W. Bush, Bill Clinton and Donald Trump, assisting in the preparation of the president’s Cybersecurity Position Paper.