CUES Podcast
CUES Podcast
Sep 19, 2019
CUES Podcast 79: Credit Unions of All Sizes Can Succeed with Cybersecurity—an Interview with Ray Murphy, CRISC
Play • 38 min

True or false? The asset size of a credit union largely dictates the success of a security and education awareness program.

According to CUES podcast guest Ray Murphy, CRISC, this statement is definitely false. “Regardless of size, each credit union can have a world-class information security program,” he says in this episode.

Chief information security officer and cyber security advisor for LEO Cyber Security, a CUES strategic provider, Murphy previously built out the information security program at $106 billion Navy Federal Credit Union, Vienna, Virginia. Before working at Navy FCU, Murphy’s tenure at Mobile Oil exposed him to every facet of information security—from desktop and mainframe to PCs, voice operations and even executive support.

In the show, Murphy identifies some of the biggest challenges credit unions face every day: ransomware, which holds an organization’s system hostage in expectation of a ransom payment, and business email compromise, a particular type of phishing attack that tries to trick employees into clicking on a link to release malware that will take over a company’s network. 

“One of the things that organizations need to be focused on is to make sure they have a very robust incident response plan so they’re prepared … so they know what to do,” Murphy says. “If you have a threat that comes to fruition within your organization, time is of the essence.”

In this episode, Murphy also talks about the importance of securing cloud computing, having a good insider threat program and managing the regulatory environment—especially as it relates to protecting member privacy.

The show also gets into:

  • Steps organizations can take to educate employees and increase their level of awareness
  • The reasons why every credit union needs an incident response plan
  • The risks of not having an incident response plan
  • Key elements of an incident response plan
  • Why all employees need to be involved in securing members’ data
  • The role of communication and leadership in cybersecurity
More episodes
Clear search
Close search
Google apps
Main menu