Brad Atkin, CPA, CISA, CITP, SOC – Shareholder, IT Advisory and Security Group

In response to the ongoing economic effects of COVID-19, the Federal Financial Institutions Examination Council (FFIEC) has issued additional guidance on pandemic planning credit unions need to be aware of.

The FFIEC has identified several unique challenges that set pandemic preparedness, such as COVID-19, apart from other aspects of continuity planning:

  • Lasts far longer than other disruptions, usually arriving in waves of two to three months each
  • Disrupts business operations on a global scale, rather than a local scale
  • Causes mass absenteeism as staff from different offices are unable to come into work

In order to ensure your credit union’s business continuity plan addresses these challenges, the FFIEC recommends:

  • Implementing a prevention program that includes monitoring, employee education and access to sanitation supplies
  • Coordinating your planning and response activities with critical vendors
  • Scaling your response to match the six outbreak intervals defined by the Centers for Disease Control and Prevention (CDC)
  • Establishing the necessary systems and procedures to enable as many employees as possible to telecommute and facilitating social distancing for those who cannot
  • Testing and continuously updating your pandemic plan

To ensure your employees can telecommute effectively and securely, Doeren Mayhew recommends the following:

  • Assessing the capacity of your firewall to ensure it can handle a spike in virtual private network (VPN) connections
  • Enabling two-factor authentication wherever possible
  • Consulting with your online and mobile banking providers to ensure they are prepared for an increase in usage as in-person banking decreases

Finally, it is imperative employees remain diligent when it comes to secure practices, such as being suspicious of unsolicited emails. Where credit unions are scrambling to keep operations up, cyber criminals are plotting on how to more easily take advantage of this situation. It is good practice to communicate clearly with employees on things to look out for, including phishing scams, in these times of uncertainty. Check out these 10 tips for detecting a phishing email Doeren Mayhew has compiled to help protect your organization.

If you have any questions regarding your business continuity plan or cybersecurity, contact us today.