From the editor
Human error is inevitable. None of us is perfect, and we all mess up sometimes. When I became a manager, I told my direct reports that I don’t get mad about missteps.
I actually love mistakes and consider them an opportunity for improvement. Is a process change needed? Is a team member’s workload too heavy? Is more training needed? In many cases, a simple solution will decrease the likelihood of the same mistake being repeated.
Importantly, loving mistakes can help us anticipate—and then avoid—future problems. While in the arena of cybersecurity, credit unions would certainly prefer to learn from the mistakes of others, it can be very effective to encourage employees to think of all the ways security has gone wrong and could go wrong, then ask them how the credit union can avoid them in the future.
“Every organization should anticipate human failure,” says Gene Fredriksen, VP/chief information security officer at CUES Supplier member PSCU, St. Petersburg, Fla., in “Successful Cybersecurity Strategy,” In the article, Fredriksen shares essential components to making your credit union more cybersecure. The first is extensive employee training. Another is implementing sustainable, repeatable processes that assume that someday, somewhere, an employee will drop the ball.
“In the case of [the] Equifax [breach], the group responsible for patching might have anticipated a human error and implemented a scan to ensure the planned patches were successfully installed,” Fredriksen says. “To reduce human error, the patching should have been formally planned, installed from a list, the systems tested for successful installation and the process modified if problems are found.”
Credit unions often think first of protecting member data, but another important component to cybersecurity is safeguarding employee data. We provide our employers with highly sensitive data, and we want to know those employees who have access to it will do all they can to keep it safe. “Credit unions need to understand that their obligations to protect confidential HR-related data are the same as those for other confidential data,” explains Jim Benlein, CISA, CISM, CRISC, owner of KGS Consulting LLC, Silverdale, Wash. Read more about how to protect employee data in “Data Security for HR”.
In happier news, please join me in congratulating CUES’ 2018 Outstanding Chief Executive Joe Newberry, president/CEO of $4.8 billion Redstone Federal Credit Union, Huntsville, Ala. Read about his career journey and why he earned this honor in our cover story, “A Transformational Leader.” cues icon
YOUR THOUGHTS: What is your favorite mistake? Email your answer to firstname.lastname@example.org.