data protection for credit unions

Post on 24-Jan-2017


DATA PROTECTION FOR CREDIT UNIONS

A Peer Supported Discussion

October 20, 2016

MEET YOUR MODERATOR

Lee Bird, President, Btech

Btech specializes in affordable, managed IT security services for credit unions.

Btech works with over 120 credit unions throughout the United States. Btech helps credit unions meet compliance goals by implementing and managing security services.

John Lockie, AVP of Infrastructure and Security, Caltech Employees FCU

Rick Menjivar, Chief Information Officer, Chaffey FCU

PEER PANELISTS

Credit union landscape

Data loss threats

Methods to protect data

Compliance

Technology choices

Q&A

AGENDA

Increasing complexity of IT environments

Hyper-growth of data and applications

Protection of electronic member information

Compliance requirements for data retention/destruction

CREDIT UNION LANDSCAPE

Accidental Deletion

Viruses, Malware, Ransomware

Natural Disasters – Storms, Floods, Fires

Power Outages

Hardware Failures

WHAT CAUSES DATA LOSS?

HOW SHOULD I START PROTECTING DATA?

1. Determine RTO (Recovery Time Objective)

• Define RTO for all data

• Use the appropriate data protection technology based on the required RTO

• Protect all data

2. Determine Onsite vs. Offsite Requirements

• Onsite for DRs or data loss where site is still available

• Offsite for DRs where access to data center isn’t possible

• “Out of the region” – Compliance requirements

WHAT DO I NEED TO KNOW ABOUT COMPLIANCE?

NCUA Rules – Do you know them?

• Encryption of electronic member information

• Measures to protect against destruction, loss or damage of member information

• Regularly test the key controls, systems and procedures of the InfoSec program

Gramm-Leach-Bliley Act (GLBA)

DO THESE TECHNOLOGIES COVER ALL MY DATA PROTECTION NEEDS?

Challenges with these technologies

• Regularly scheduled backups

• Unattended

• Multiple Copies of the same data

• Multiple retentions over a pre-defined period of time: daily, weekly, monthly, annual retentions

POINT-IN-TIME BACKUP

Slow

WHAT ABOUT BACKING UP TO TAPE VERSUS DISK?

CHALLENGES WITH TAPE

Tapes need to be replaced annually

Transfer of tapes off-site: Are they out of the region? The cost for an offsite storage vendor

Security: How many people are touching my tapes?

Tape audit: All tapes must be accounted for, all the time, otherwise must report possible loss of member information.

• Cloud for DR if region is affected

• Cloud so that protected data is out of the region

• Site replication or CDR for low RTO

• Can have a local copy for quick recovery

WHAT DOES CLOUD BACKUP BRING TO THE TABLE?

PUBLIC vs. PRIVATE

• Identify all data to be protected

• Break down data recovery into RTOs

• Have multiple data points for recovery

• Data must be out of the region

• Data must be encrypted

• Solution must be unattended – What does this mean?

SUMMARY: WHAT ARE DATA PROTECTION “MUST-DOs” FOR CREDIT UNIONS?

QUESTIONS FROM ATTENDEES

We created a quick checklist for you to get a real Data Protection Score

IS YOUR DATA PROTECTED?

RESOURCES

Compliance Datasheet Comparison Card

All attendees will receive resources in a follow-up email

Data Protection Checklist

THANK YOU!

Lee Bird, President, Btech

221 E. Walnut Street, Suite 138, Pasadena, CA 91101

626-397-1045 | leebird@btechonline.com
