Enter “how to avoid a security breach” in any search engine and you will see no shortage of opinion and advice. Some of it salient and wise. Some of it questionable and dangerous. This article is based on twenty five years spent in the financial, health care and telecommunication industries focusing on technical and security issues. I have personally been involved in handling three significant security breaches, dozens of reputation affecting security events, and thousands of security incidents affecting productivity.
Organization size and security budget applied are irrelevant to the competency and preparedness of IT people responsible for that security. I have seen effective security programs on a shoe string budget and grossly ineffective programs with big budget, corporate authority, and scores of security people.
So, how do credit unions and other financial institutions avoid a security breach?