Credit Union tells customers how to secure their data
Written by Vawn Himmelsbach October 29, 2006
When it comes to cyber attacks, some people are simply overwhelmed by the different types of threats out there, so they become complacent. Vancouver City Savings Credit Union (Vancity) is one financial organization that’s trying to make it easier for its membership to stay on top of security and avoid getting scammed.
Vancity has more than 312,000 members and $10.5 billion in assets, so
security is a top priority. “We can only secure our online banking
system,” said Geordie Cree, security specialist with Vancity. “As soon
as it gets to the member’s computer, we have no control of the security
of that device.”
The only thing it can do on that end is educate members and provide them with tools to allow them to protect their PCs and personal information.
But Vancity didn’t have the resources to do this on its own — nor did it make sense to reinvent the wheel. “We contacted our representative at Microsoft and asked if there was any interest on Microsoft’s part to do something and make that information available to others,” he said, adding that Microsoft happened to be in the early stages of coming up with the model Vancity now employs.
Vancity is able to link up to Microsoft’s security site and re-purpose the information to provide members with advice on updating and maintaining PC security. It does this on a regular basis to keep up with the most current information.
The credit union pulls content onto its site, and when users click on that content, they’re taken to Microsoft’s provider (which hosts the content). Vancity gets a monthly report from the hosting company that provides information on usage trends, which Vancity can then use to drive members to content. For example, when they put a new link on the Vancity home page, they can see if there’s a spike in traffic.
“It’s a work in progress,” said Cree. “Ultimately we would like to improve upon our entire security section and put cookie crumbs throughout the rest of our site that would draw our membership to the security content.”
Vancity also posts security information for employees on its intranet, though it’s not the same as on its website.
“We have a very managed environment,” he said, “so we don’t want [employees] downloading patches.”
While there’s no concrete measure of how this initiative is improving overall security, it’s all about getting that information out to the public, said Rowena Liang, Vancity’s CIO.
“The more you see it, the more you become aware of it.” There’s also recognition that, as a financial institution, there is only so much that it can control. “All we can do is be proactive and try to bring as much of this information to people and generate awareness.”
Vancity gets around 600-700 hits on its security content every month. “We could do more, and we will be doing more work in bringing people [to the site],” she said.
The financial institution is in the midst of redesigning the security and privacy areas of its site to make them more prominent. The launch of the redesign is planned for January.
Vancity was the first company in Canada that was allowed to take Microsoft’s resources and directly republish them to the outside world, said Bruce Cowper, senior program manager of Microsoft Canada’s Security Initiative. Now that’s starting to happen more frequently, thanks to RSS feeds (an easy way to distribute content over the Internet).
“We certainly have seen an awful lot of interest from other organizations to do something similar to Vancity, but also to do variations on the theme,” he said. “Having those resources available to them is a big time saver.”
According to Cowper, there is no cost to Vancity for the use of this information. As part of the agreement, Vancity attributes the information to Microsoft.
One of the drivers behind this was to provide up-to-date information about security challenges and threats in order to guide consumers toward best practices. That’s good for the consumer, as well as Vancity and Microsoft. “That helps Vancity because hopefully their customers’ systems are more secure,” said Cowper.
A breach can potentially affect the financial institution itself, but if the customer’s machine is compromised, then customer perception is going to be negative ”“ which has a whole other set of repercussions. For example, that customer may no longer feel comfortable banking online. “So it’s a win-win situation all around to present people with the right information to help them,” said Cowper.
Microsoft is also in the process of reviewing its online presence to make sure it’s providing the most relevant information to Canadians, he said. And it’s talking to other private-sector companies about following a model similar to Vancity.
“I’ve had conversations with most of the financial institutions about what Vancity has done,” said Cowper. “Some of them already have amazing resources online and are looking to augment those.”
What it comes down to is that security is everybody’s responsibility, said Liang. “The individual user has as much responsibility as any of the institutions ”“ what we’re trying to do is make the information available.”
Last modified on February 16, 2007
The only thing it can do on that end is educate members and provide them with tools to allow them to protect their PCs and personal information.
But Vancity didn’t have the resources to do this on its own — nor did it make sense to reinvent the wheel. “We contacted our representative at Microsoft and asked if there was any interest on Microsoft’s part to do something and make that information available to others,” he said, adding that Microsoft happened to be in the early stages of coming up with the model Vancity now employs.
Vancity is able to link up to Microsoft’s security site and re-purpose the information to provide members with advice on updating and maintaining PC security. It does this on a regular basis to keep up with the most current information.
The credit union pulls content onto its site, and when users click on that content, they’re taken to Microsoft’s provider (which hosts the content). Vancity gets a monthly report from the hosting company that provides information on usage trends, which Vancity can then use to drive members to content. For example, when they put a new link on the Vancity home page, they can see if there’s a spike in traffic.
“It’s a work in progress,” said Cree. “Ultimately we would like to improve upon our entire security section and put cookie crumbs throughout the rest of our site that would draw our membership to the security content.”
Vancity also posts security information for employees on its intranet, though it’s not the same as on its website.
“We have a very managed environment,” he said, “so we don’t want [employees] downloading patches.”
While there’s no concrete measure of how this initiative is improving overall security, it’s all about getting that information out to the public, said Rowena Liang, Vancity’s CIO.
“The more you see it, the more you become aware of it.” There’s also recognition that, as a financial institution, there is only so much that it can control. “All we can do is be proactive and try to bring as much of this information to people and generate awareness.”
Vancity gets around 600-700 hits on its security content every month. “We could do more, and we will be doing more work in bringing people [to the site],” she said.
The financial institution is in the midst of redesigning the security and privacy areas of its site to make them more prominent. The launch of the redesign is planned for January.
Vancity was the first company in Canada that was allowed to take Microsoft’s resources and directly republish them to the outside world, said Bruce Cowper, senior program manager of Microsoft Canada’s Security Initiative. Now that’s starting to happen more frequently, thanks to RSS feeds (an easy way to distribute content over the Internet).
“We certainly have seen an awful lot of interest from other organizations to do something similar to Vancity, but also to do variations on the theme,” he said. “Having those resources available to them is a big time saver.”
According to Cowper, there is no cost to Vancity for the use of this information. As part of the agreement, Vancity attributes the information to Microsoft.
One of the drivers behind this was to provide up-to-date information about security challenges and threats in order to guide consumers toward best practices. That’s good for the consumer, as well as Vancity and Microsoft. “That helps Vancity because hopefully their customers’ systems are more secure,” said Cowper.
A breach can potentially affect the financial institution itself, but if the customer’s machine is compromised, then customer perception is going to be negative ”“ which has a whole other set of repercussions. For example, that customer may no longer feel comfortable banking online. “So it’s a win-win situation all around to present people with the right information to help them,” said Cowper.
Microsoft is also in the process of reviewing its online presence to make sure it’s providing the most relevant information to Canadians, he said. And it’s talking to other private-sector companies about following a model similar to Vancity.
“I’ve had conversations with most of the financial institutions about what Vancity has done,” said Cowper. “Some of them already have amazing resources online and are looking to augment those.”
What it comes down to is that security is everybody’s responsibility, said Liang. “The individual user has as much responsibility as any of the institutions ”“ what we’re trying to do is make the information available.”
Published in
News
-
Nominations now open for 2012 Security Director of the Year
We are now accepting nominations for the 2012 Security Director of the Year. Do you know someone who fits that…
Latest Videos
-
Thomas Gerstenecker was unable to accept the Canadian Security Director of the Year award in person but was able to… -
-
-
