CUES Podcast artwork

CUES Podcast 79: Credit Unions of All Sizes Can Succeed with Cybersecurity—an Interview with Ray Murphy, CRISC

CUES Podcast

English - September 19, 2019 17:00 - 37 minutes - 26 MB - ★★★★ - 8 ratings
Business News Business News cues credit union professional development financial organization banking www.cues.org ceo board of directors directors executive Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: CUES 78: Connecting Core and Content to Give Members a Great Experience—an Interview With Stephen Comer
Next Episode: CUES Podcast 80: Tips for Comparing Plans ‘Apples-to-Apples’ and Other Truths About Executive Benefits—an Interview With Ramsay Ellis

True or false? The asset size of a credit union largely dictates the success of a security and education awareness program.

According to CUES podcast guest Ray Murphy, CRISC, this statement is definitely false. “Regardless of size, each credit union can have a world-class information security program,” he says in this episode.

Chief information security officer and cyber security advisor for LEO Cyber Security, a CUES strategic provider, Murphy previously built out the information security program at $106 billion Navy Federal Credit Union, Vienna, Virginia. Before working at Navy FCU, Murphy’s tenure at Mobile Oil exposed him to every facet of information security—from desktop and mainframe to PCs, voice operations and even executive support.

In the show, Murphy identifies some of the biggest challenges credit unions face every day: ransomware, which holds an organization’s system hostage in expectation of a ransom payment, and business email compromise, a particular type of phishing attack that tries to trick employees into clicking on a link to release malware that will take over a company’s network. 

“One of the things that organizations need to be focused on is to make sure they have a very robust incident response plan so they’re prepared … so they know what to do,” Murphy says. “If you have a threat that comes to fruition within your organization, time is of the essence.”

In this episode, Murphy also talks about the importance of securing cloud computing, having a good insider threat program and managing the regulatory environment—especially as it relates to protecting member privacy.

The show also gets into:

Steps organizations can take to educate employees and increase their level of awarenessThe reasons why every credit union needs an incident response planThe risks of not having an incident response planKey elements of an incident response planWhy all employees need to be involved in securing members’ dataThe role of communication and leadership in cybersecurity