Good communication may well be the best defense against hackers.
Some say that there are two types of companies: those that have been hacked and those that have been hacked but don’t yet know it.
Today, all companies—including credit unions—are considered technology companies to some degree. As credit unions have continued to thrive and grow in recent decades, so have their cybercriminal counterparts. Like many organizations, credit unions house a wealth of personal and sensitive customer data, making them prime targets for cyberattacks.
Credit unions of all sizes must invest to defend against threats that are becoming more widespread and commonplace by the day, fueled in large part by our pandemic-era remote work environment. In the executive search business, JM Search sits at the forefront of emerging trends influencing top executive leaders. As the cybersecurity landscape continues to evolve, so do the best practices of leaders tasked with addressing cybersecurity across industries.
We have uncovered three trends influencing cybersecurity efforts today. The greatest tool of all—and a common thread in the three trends outlined below—might just be simple human communication.
Effective Board and Executive Team Communications are Critical
Building and sustaining good relationships with boards and committees is more critical than ever, and it can be a big consumer of time and focus for many chief information security officers, IT executives, and others with information security and risk management responsibilities. Discussions around cybersecurity have spiked among company leadership as the threat of ransomware attacks increases. This phenomenon spans many industries, including some deemed to be part of critical infrastructure.
A proper risk management approach is key in these situations. It’s critical to quantify risks and put them in easy-to-digest business terms that will resonate with boards and business leaders. All organizations are unique, so IT leaders should tailor their communications to the composition and interests of boards and executive teams. For example, if not a standalone function, information security and risk management leadership may report to information technology, the chief risk officer or another department, depending on the size and structure of the credit union. Regardless of the audience, crisp communications based on data and analytics—expressed early and often in clear terms of business and risk—are essential.
Remote Work and Digitization Have an Extensive Impact
We all have experienced to some degree the lasting impact of COVID-19 on the workplace. Chief among the effects has been the swift move to a remote workforce and increased digitization of business processes, which necessitated a change in security policies and a move to cloud environments. These changes resulted in significant investments for many organizations that were not prepared to appropriately service and secure a fully remote workforce.
IT leaders should document a full list of risks—including stolen credentials, ransomware and more—and the capacity of stakeholders to engage. They shouldn’t be afraid to get more creative in evaluating ways to drive efficiencies in their programs. The more CISOs and IT executives can plan for the risks that accompany our new remote landscape of work, the more business operations will be enabled to run with minimal or no disruption, putting the ROI value of the security or IT team in the spotlight.
Team Building & Development Remain Challenging
Attracting and retaining top tech and information security talent continues to be an ongoing challenge. Increasing demands and the expansion of roles and responsibilities are causing many teams to become overwhelmed and stretched thin. A vital requirement of IT executives today is the ability to effectively build, lead and inspire their teams to feel empowered while learning and growing throughout their careers.
A Final Word
We’ve seen that in today’s complex cybersecurity environment, a credit union has a lot more to consider than just the latest technology and basic security protocols. To ensure success, credit union information security and risk management leaders need to cultivate a business mindset to ensure they’re ready to effectively interact with boards and executives. Even in the face of cyberattacks and data leaks, IT leaders need polished presentation and communication skills to get their ideas across to employees and leadership alike, fostering engagement along the way.
Bill Borkovitz is a partner at CUES Supplier member JM Search, where he recruits C-level executives across a range of industries, including financial services and fintech, with credit unions being a focus area for the practice. He brings over 20 years of financial services operating experience combined with more than a decade of C-level executive recruiting to the firm.
A partner at JM Search, Jamey Cummings has more than 14 years of executive recruiting experience and is a recognized leader in advising organizations on the recruitment, assessment, development and retention of technology and security and risk management talent.