Credit unions want information security, but there's a big problem: people and their
"Most of what I do involves protecting employees against employees," said Kristina Bird, manager of information
In her fight to prevent employees from making big mistakes, or from committing big crime, Bird enlisted the help of
"The number-one thing that we look for in protecting our corporate computer systems is password violations," Bird
She said employees can easily and quickly create bad passwords, but that IT staff has difficulty monitoring
The vulnerability testing software, called Polivec Scanner by Mountain View, Calif.-based Polivec, Inc., contains a
"We take our security policy and export it into Scanner," Bird explained.
Scanner generates "a list of everybody whose password is within the guidelines and contains the correct number of
Bird can then quickly fix the problem. "We lock out those users and ask them to devise a new password."
Scanner has made it easier to implement the CU's security policy across all systems, she said. "On our main NT
SRMFCU also uses Scanner to maintain security policy and procedure settings on each employee's computer.
"For example, we can see if someone turned off a monitoring program and forgot to turn it back on," said Bird.
Of course, the 26,000-member CU's security detection and deployment is only as good as its security policy.
"Builder brought up stuff we'd never thought of," Bird said. An example that sticks in Bird's mind is the credit
SRMFCU's initiative to "protect employees against employees" and obsession with password security comes at a
In his fight against hackers, Polivec CEO Robert Medrano emphasizes what he calls "social engineering," which
Employees may be unwittingly persuaded to share security information with hackers online, over the telephone, or
Enforcing security policy helps guard against hacker threats, according to Medrano. Fortunately for Bird, tighter