<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=4052188&amp;fmt=gif">

I often refer to front line staff playing a critical role in the credit union’s information security infrastructure. Here is yet another example.

When visiting credit unions, I pay very close attention to what I can overhear on the teller lines, conversations in lobbies, offices, and drive-thru windows. Most every time I hear confidential information being overheard, management’s response is, “There is a policy stating the employees shouldn’t be doing that” or, “There is nothing we can do about it with the branch that we have”. Based on successes in many credit unions, here are a couple of tips to help you accomplish verbal information security:

credit union security

1)  First, assess where the problem(s) exist.

  • Can teller transactions be overheard?
  • Pay attention to the area outside the branch(s) near the drive-thru. Can the conversation over the intercom be heard?
  • Check your ‘water-coolers’. Do employees get complacent when talking about members’ accounts around the branch(s)?

2)  Develop procedures to reduce risks:

  • Ensure employees write down confidential information at the teller lines and the drive-thru. Employees should show the members rather than verbally disclosing the information, especially when other member can potentially overhear.
  • Move the member waiting line further back if space permits.
  • The credit union can reduce the risk of someone overhearing by placing TVs, radios, or other white noise. Placing a speaker above the member waiting line is best practice.  The volume does not have to be high; however, it should be just high enough to muffle the conversations occurring on the teller line.

3)  Address verbal information security in the credit union’s Information Security Policy and Program.

4) Train employees regularly on the policy and procedure. The training should be specific to verbal information. As always, logs of the training attendance should be recorded.

5) Testing of the adherence to the policy and procedure should occur no less than annually.

I understand this type of member information security would not result in a large data breach, but it will be a major breach to the member(s) affected. With members being more cognizant of information security breaches, it is important to demonstrate to them that you are looking at every aspect of their privacy and security.

ROI of Digital Signatures Calculator

You may also like

Arkansas credit union leaders vote for league consolidation
Arkansas credit union leaders vote for league consolidation
16 April, 2013

Last Thursday, the Arkansas Credit Union League unanimously voted to merge with the Credit Union Association of Oklahoma...

Your Employees Could Be Your Biggest Cyber Security Asset
Your Employees Could Be Your Biggest Cyber Security Asset
15 August, 2014

As a consultant focusing on security, I often field questions on which products perform better than others, in particula...

NCUA seizes Virginia credit union after drop in net worth
11 February, 2013

The NCUA seized a federal credit union in Norfolk, Va., on Friday. They placed the $2 million NCP Community Development ...