As a financial institution, credit unions regularly collect, process, and store the personal and financial information of their customers. This type of sensitive data is protected under laws such as the Sarbanes-Oxley Act (SOX) and the Gramm-Leach-Bliley Act (GLBA) in the US and the General Data Protection Regulation (GDPR) in the European Union. It also falls under the incidence of international standards such as PCI-DSS.
Being part of a highly regulated sector means credit unions must comply with all data protection requirements or risk heavy fines and dire consequences such as, in the case of noncompliance with PCI-DSS, never being allowed to process card payments again, a death blow to any financial institution.
Protection against external threats, however, is not enough to guard against data breaches and ensure compliance. Credit unions must also consider the dangers posed by insiders. Careless employees account for no less than 24% of all data breaches, according to the Ponemon Institute and IBM Security’s 2019 Cost of a Data Breach Report.
Data Loss Prevention (DLP) tools like Endpoint Protector can help credit unions to protect data, avoid harmful data breaches and stay compliant with data protection regulations, whether employees are working from an office or, as recent developments have made it necessary, from home. Here’s how!
Securing Data on the Move
Endpoint Protector allows admins to monitor and control credit card data and other sensitive information transfers through predefined policies for personally identifiable information (PII) and compliance with standards like PCI DSS or regulations like GDPR.
Transfers can be blocked altogether through exit points considered insecure such as file-sharing services, external email addresses, or instant messaging applications. Whitelist features allow companies to ensure that data can be transferred hassle-free to trusted sources such as other company email addresses or via an organization’s portals.
Data is Protected While Employees Work Remotely
In the last few months, the COVID-19 crisis has led to an unprecedented push for remote work across all industries. Although financial institutions have previously been reluctant to adopt work from home strategies due to the risk they pose to compliance efforts, they have been forced to reconsider during these extraordinary circumstances.
Authorities themselves have proven to be understanding of the plight companies find themselves in, but this does not mean that compliance is no longer required. However, organizations such as the PCI Security Standards Council have issued a guidance for compliance while employees work from home.
Endpoint Protector has an added advantage when it comes to remote work: because it’s a solution applied at the endpoint level, its policies remain active even when work computers are taken out of the security of company networks. Not only that, sensitive data is controlled and monitored at all times, even when a computer is offline. This is especially relevant for compliance efforts that require that data be continuously protected.
Device Control Options
Connected storage devices are often a security loophole. Employees are likely to connect their personal removable devices to their work computers to copy files, charge them, or to bring work home with them. However, the level of security of these devices can be a liability for the security of company networks. They can spread malware, be used to steal data, or to copy sensitive information onto completely unprotected devices.
Endpoint Protector offers device control options that allow companies to monitor, limit, and block USB and peripheral ports. These policies are extremely granular: they can be applied to particular users, groups, departments, or computers. They also offer the possibility of allowing the connection only of trusted devices with an extra layer of flexibility available through whitelists and blacklists.
USB Enforced Encryption
USBs have long been a security concern for all companies, including credit unions. Easy to lose and forget, they can be used to copy files directly from a company computer or, more recently, as a popular tool for malware attacks. However, they are also a very useful tool for employees and many organizations continue to use them.
To avoid any security incidents involving USBs, Endpoint Protector can enforce encryption on USBs connected to a company computer. This feature deploys an encryption solution automatically to any trusted USB storage device connected to an endpoint. Once installed, any files copied onto the USBs will be encrypted with government-approved 256bit AES CBC-mode encryption.
The USBs are then password-protected and therefore, if a USB is stolen or lost, the data on it cannot be accessed. Passwords can also easily be managed by admins: they can reset them remotely, an expiration date can be set for them and the number of times a password can be inserted can be limited.
Compliance efforts for financial institutions such as credit unions also involve keeping records of all their security policies and procedures, their risk assessments, and security incidents which can be used as proof of compliance. Extensive documentation also helps IT departments and CIOs to develop efficient data protection strategies and take better informed decisions.
One of Endpoint Protector’s Content Aware Protection module’s features is a reporting tool that monitors content and logs any attempts to transfer protected information over the internet, through applications, online services, or email.
Its Device Control module also has a file tracing option that monitors content transfers between computers and portable devices and logs them. An additional feature, file shadowing, saves a copy of all transferred files flagged as violating security policies, making it easy for admins to review them.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.