Feeling Like Guinea Pigs
Credit unions often play the guinea pig as they battle emerging threats to network security.
IT managers are often forced to audition up-to-the-minute-yet immature-technologies as new security threats pummel CU networks.
"A big part of my job is fine-tuning the tools that keep our network secure and running smoothly," said Curt Bolser, data processing assistant at $122-million 1st Community FCU in San Angelo, Texas.
Meanwhile, the $1.2-billion HarborOne CU, Brockton, Mass., fights an "all-out battle" against fraud, exploring a "staggering breadth and volume" of unproven network security solutions, according to Dick Bastiansen, senior vice president of Operations and manager of Information Systems at the Brockton, Mass.-based CU.
"The Internet alone provides a world of fraud possibilities from intrusion to phishing to e-mail interception," Bastiansen explained. "Identifying the scams, knowing the remedies and applying them successfully all require knowledge beyond our staff's expertise.
"Our experience suggests that it is growing more difficult every year and that often a new application does not play well with the established environment," he continued.
Specifically, at 1st Community FCU, Bolser has struggled in the past year with the installation of PestPatrol AntiSpyware on the CU's 100 workstations.
PestPatrol is part of Computer Associates Int'l, Inc.'s (CA) eTrust suite. Islandia, NY-based CA provides operations, security, storage and service management software.
The anti-spyware screens and cleans computer hard drives for unwanted adware and spyware.
"PestPatrol works about 75% of the time," said Bolser. "Meanwhile, we have 25% of the threat still out there."
The proliferating threat of spyware is one of the newer security concerns for credit unions. Spyware can self-install on PCs, collecting confidential information and hogging bandwidth and system resources.
CA's technical support is exacerbating the risk for 1st Community, according to Bolser. "We play a game of phone tag and the issues remain unresolved," he said. "What I need from vendor technical support are good answers within an acceptable timeframe."
Although 1st Community and CA have isolated the PestPatrol malfunction to the program's real-time protection feature, Bolser said CA's problem resolution has been unsatisfactory.
CA suggested that 1st Community disable PestPatrol's real-time protection and scan just once a day after business hours.
"But what good is the software at that point?" Bolser asked. "We are still vulnerable to spyware threats everyday for a 24-hour period until we perform the next scan."
CA was not available to The Credit Union Journal for comment on PestPatrol.
The struggle to secure goes beyond the branch. Glenn Powell at Coast Central CU in Eureka, Calif., told The Credit Union Journal in October about the many credit unions working to secure the new breed of Internet Protocol-based ATMs.
The $545-million credit union's ATMs were secured only by firewalls-not intrusion prevention-for six months, Powell said. The ATM manufacturer was of little help in finding a solution, he added.
Whereas 1st Community Federal and Coast Central CUs have had less than satisfying relationships with some vendors, Bastiansen said HarborOne relies on its "technology partner" to handle all of its third party solutions.
HarborOne skips the trial and error stage, testing all proprietary solutions via Avon, Conn.-based COCC, which develops technologies to implement banking strategies.
"Never mind the issue of quality assurance by the original developer," Bastiansen said. "In COCC, we have found a whole team of professionals manning the gates that we could not afford on our own. If the developer can't build it right, at least we have a servicer who can clean up the mess."
HarborOne and COCC experiment with new solutions in a test lab before they are implemented in production areas, he continued. "The test lab is time-consuming and expensive, but necessary.
"The heart of the issue is that we cannot afford to try security solutions that might not work," Bastiansen added. "We have neither the time nor the money nor the member tolerance for solutions that go awry."
For additional information on this story:
* 1st Community FCU at www.1stcommunityfcu.org
* HarborOne CU at www.harbor-onecu.com
* Coast Central CU at www.coastccu.org
* Computer Associates at www.ca.com
* COCC at www.cocc.com