I have a real fear of heights and, since our company LMG Security is headquartered in Missoula, Montana, I get plenty of opportunities to face this fear as my passion for hiking takes me to cliff edges and mountain tops – and every time that fear kicks in. The question begs asking: “Why, then, do I take on this risk?” It’s because I trust myself, so getting close enough to flirt with danger while experiencing the euphoria of hiking is an easily accepted risk.
But what if I’m not in “control”? How much risk am I willing to accept and what do I do with trust? My father-in-law recently went skydiving for the first time in his 70s. Talk about complete loss of control. However, upon more research, I learned that skydiving companies already understand that a gripping fear of heights and loss of control prevent a significant percentage of the population from considering the sport. Thus, in order to subdue or at least pacify those fears, a measurable and repeatable assessment of safety requirements was created called the United States Parachute Association’s (USPA) Skydivers Information Manual. In this manual, there are 246 pages full of Basic Safety Requirements (BSRs, as they call them). The BSRs serve to protect the skydiver and cover everything from Federal equipment regulations, main and reserve parachutes, to emergency procedures, and a thousand other things in between. Some skydiving organizations promote the use of and adherence to these BSRs as an appeal to win potential clients’ trust. As I read through this document, I thought to myself, “If I ever choose to skydive, the only way I would accept related risks is with a trusted organization centering its best practices around BSRs!”
So, how does skydiving relate to the FFIEC CAT? For those who may be unfamiliar, the FFIEC CAT stands for the Federal Financial Institutions Examination Council Cybersecurity Assessment Tool. This assessment tool was developed to help financial institutions identify their risks and determine their cybersecurity preparedness. It incorporates cybersecurity-related principles from the FFIEC IT examination handbook and the National Institute of Standards and Technology (NIST) Cybersecurity Framework, assuring compliance with both. Credit unions using this assessment will be able to enhance their cybersecurity oversight and management by:
1 – Identifying factors contributing to, and determining overall risk
2 – Assessing cybersecurity preparedness
3 – Evaluating whether cybersecurity preparedness is aligned with cybersecurity risks
4 – Determining risk management practices that need implementation or further development
5 – Informing risk management strategies
The FFIEC CAT is the credit union’s BSR for skydiving. It functions as a clarion call of safety and trust that quells existing fears associated with protecting member information. It demonstrates to existing or potential members that your credit union takes member trust seriously and goes to measurable lengths to prove it. It testifies that a strong confidentiality, integrity, and availability (C.I.A.) triad is a top priority within the organization. Ultimately, when your members’ heads hit the pillow at night knowing their personally identifiable information (PII) is secure, a more peaceful sleep ensues, night after night. And that…is priceless!
I wouldn’t go skydiving with an organization that didn’t comply with BSRs. Nor would I bank with anyone except for credit unions whose security posture is assessed and measured with the FFIEC CAT. Don’t underestimate the impact that the FFIEC CAT can bring to your credit union because…if trust is elevated, fear and risk are deflated, and membership soars!