Jump to main content

Compliance

There are many components that go into cybersecurity and IT compliance for credit unions including vulnerability scans and testing, data loss prevention, and patch management.

Emergifi assesses and manages IT infrastructure to meet your credit union’s unique security compliance requirements through a vulnerability scan and assessment. The reason for the free assessment, is to validate your credit union, and if vulnerabilities are found, make you aware of any gaps or holes in your credit union’s systems. You can choose how to act on remediation if any items are discovered. Internal vulnerability scans are performed from inside your credit union network. Emergifi will deliver and review internal vulnerability scan report details with you, excluding remediation. As an added measure of security, Emergifi will perform quarterly external vulnerability scans that consist of obtaining all ranges of public IP addresses from the internet against your credit union's public facing resources including firewalls, web servers, switches, and routers. Emergifi configures the external scanner to point to these addresses, and then runs the external scan remotely and delivers and reviews external vulnerability scan report details with you, excluding remediation.

Emergifi clients that sign up for Microsoft 365 Business Premium also gain access to Microsoft’s advanced security and compliance features that protect your business against cyber-threats and safeguard sensitive information to help with data loss prevention. With Microsoft, you can set up data loss prevention to automatically detect credit/debit card numbers, social security numbers, and other sensitive member information, to prevent their inadvertent sharing outside your company. Easily archive your data with continuous backup, discovery, or restoration. Use different retention policies to preserve email data for litigation holds, eDiscovery, or to meet compliance requirements. Create sensitivity labels to control sensitive information within email and documents with controls like “do not forward” and “do not copy.” Information can also be marked “confidential” and additional restrictions can be placed to prevent data from being shared outside the organization. Enterprise-grade encryption can be applied to emails and documents to keep information private.

Patch management is a critical component to cybersecurity that consists of scanning devices on your credit union’s network for missing software updates, known as patches, and deploying the fix as soon as the update becomes available. If your credit union does not follow proper patch management procedures, you can create serious security breaches for sensitive member information, which could result in hefty fines.

If your credit union needs further compliance assistance, Emergifi offers a virtual CIO (vCIO) program that can help your credit union navigate IT governance, security, and compliance management, along with a variety of other helpful solutions.