I often refer to front line staff playing a critical role in the credit union’s information security infrastructure. Here is yet another example.
When visiting credit unions, I pay very close attention to what I can overhear on the teller lines, conversations in lobbies, offices, and drive-thru windows. Most every time I hear confidential information being overheard, management’s response is, “There is a policy stating the employees shouldn’t be doing that” or, “There is nothing we can do about it with the branch that we have”. Based on successes in many credit unions, here are a couple of tips to help you accomplish verbal information security:
1) First, assess where the problem(s) exist.
2) Develop procedures to reduce risks:
3) Address verbal information security in the credit union’s Information Security Policy and Program.
4) Train employees regularly on the policy and procedure. The training should be specific to verbal information. As always, logs of the training attendance should be recorded.
5) Testing of the adherence to the policy and procedure should occur no less than annually.
I understand this type of member information security would not result in a large data breach, but it will be a major breach to the member(s) affected. With members being more cognizant of information security breaches, it is important to demonstrate to them that you are looking at every aspect of their privacy and security.