Ensuring Security and Thwarting Cyberattacks

Ron Dinwiddie, EVP & CIO, Texas Trust Credit Union

Ron Dinwiddie, EVP & CIO, Texas Trust Credit Union

Being in the financial industry, my biggest challenge is providing my customers the ability to do business in an efficient yet secure manner. These are often in conflict as being efficient is not always conducted in the most secure manner. This same conflict also rolls over to our members (external customers who are stockholders in the credit union). Our members want to be able to conduct the same type of business with us as they do when they visit a branch from anywhere and on any type of device. This creates problems because I have no control over that device and don’t know if they have any type of security installed on the device to help protect them.

“Secure mobile banking that works the same way across all channels will be the technology to give us the competitive edge in the near future”

Wishlist and Expectation

In my wish list, the number one thing would be a type of security product that worked across all channels, on all operating systems and was able to detect a very high percentage of current and zero day threats and either block or remove that threat before it could take advantage of a device. And I expect software providers to take more responsibility for doing at least two things: 1) conducting a thorough security check on their product before releasing it to ensure it’s as secure as they can make it with current technology; and 2) just thoroughly testing their product prior to releasing it as too many providers are releasing a product just so they can get it out on the market and then they start, sometimes within weeks or a couple of months, sending out patches to fix things they knew needed fixing prior to releasing the product.

Meeting Business Goals

My company is currently working on integrating data across the enterprise to gain a 360-degree view. We have data from various systems that are similar in what they are supposed to be reporting. We’ve found that depending on who pulls the data and from what system, has a direct impact on the result of the report. Our #1 project for 2016 is to identify a solution that will consolidate all of this data in a format we can trust and everyone can agree is the “fountain of truth.” This can be used pull data and give us reports on not only our members/customers, but also on our business and how we are doing in meeting our goals rom the corporate level all the way to our frontline employees that get a bonus when they meet certain goals. This is critical to making executive decisions on what direction to take, if we need to make adjustments and for taking care of our employees and being sure we treat them right. Poor data can sink a business quickly as well as cause dissension within the staff that get paid bonuses or commissions.

Mobile Banking - the Current Trend

I see the mobile banking as the number one “trend” we are keeping an eye on. We are also looking at video conferencing as a means to remotely service our members. It can’t be just video and audio but must also include a means whereby we can assist the member in CIO$ Insight 37December 2015 opening an account, applying for a loan or doing other types of paperwork in an electronic format.

Secure mobile banking that works the same way across all channels will be the technology to give us the competitive edge in the near future. Right now, it’s difficult to find one product that works across all platforms desktop computer, laptop, tablets, and smartphones.

Importance of Security

The biggest thing for me is the security—keeping in mind I’m in the financial industry. Protecting our members/customers is foremost on my mind. The bad guys never sleep, never give up and are as smart or smarter than most of the good guys trying to protect us. Another one is my having to rely on vendors for some services, such as my ISP. I have no control over whether or not they go down, conduct maintenance that may or may not affect my connectivity or if they are protecting me as I try and protect my members/customers. Disasters are always something to be considered. This could be anything from a fire to terrorism attacks. Doing “dry” testing only takes you so far with feeling comfortable your plan will work or not. Having a comprehensive plan in place and actually testing it in a live scenario is something that most companies can’t afford to do as it takes you offline for a certain amount of time, so you do the best you can.

I have a Security Coordinator that reports to me and we seem to talk security a lot. What’s happening in the world, what activity we’ve seen taken against us, how we’ve responded, products on the market, and how can we make ourselves more secure without hindering the business. As we continue to grow, I will certainly be thinking about hiring a more senior person to take the position of CSO or CISO.

My Role as a CIO

Since my arrival in 2013, I have restructured my IT department and modified the roles of several employees while replacing others that just couldn’t conform to the new standards and roles. Others left of their own accord so I’ve had the opportunity to rebuild my team with individuals I was able to interview and select rather than those that were here and pretty much entrenched in how it’s always been done. As the first ever CIO for the company, I am becoming more and more involved at the “C” and Board level which gives me insight into how the company as a whole is changing. This gives me the ability to then work with my senior IT management team and redesign Ron Dinwiddie 38December 2015 our IT strategic plan to support the corporate strategic plan. By “singing off the same sheet of music,” IT is able to provide much better support to other departments and the overall mission of the credit union.

One thing I did was create a Business Analyst position within IT. This person’s mission is to go out and visit other departments, and find ways IT can help them become more efficient and effective. This may be through automating some manual processes they’ve been doing for years or decades or it may be as simple as conducting some additional training on how a certain system works so the user more fully understands it and can make better use of it. Another position I instituted when I arrived is for me and my VP of IT to make routine visits out to the department managers and to each of the branch managers to find out how things are going to find out what IT is doing right and where we can improve. Giving our internal customers personal attention always helps.

Advice to a New CIO in the Financial Industry

- Get to know your other “C”s, not just from a professional level, but also on a personal level. Spend time with them. Go to lunch with them. Find out what their hobbies and other interests are. It make it a lot easier when it comes time to “talk shop” if you are all comfortable with each other.

 - Learn about regulations. Find out who your IT auditor is and get to know him/her. When they come onsite, make it clear you are looking forward to “partnering” with them to do the audit. Don’t make them an adversary. The same goes for the examiners when they come onsite.

- Work hard on getting your IT staff to become a team (they might already be good at this if so, lucky you). Do some internal team building exercises. Sit down with each of your people (hard to do if you are really large, but then sit down with your direct reports) and get to know them a little bit and let them get to know you. Let them know that you’ve “been there” and understand what they are trying to do and what your role is.

- One thing I’ve done every place I’ve been is repetitively tell my folks that every other employee in the company is a “customer” and we in IT have to treat them that way. We rarely deal with the company members, but we have a direct impact on our fellow employees and how they are able to perform their jobs. Treat them with respect and as you would like to be treated if you were a customer at a restaurant or other business. Our job is to make theirs easier.

- Documentation is seen as the drudgery of IT, but it must be done. Set a standard on how you want it done, let your team know and then enforce it. This goes for documentation on people as well. Any time an employee is counseled and yes, they should be counseled when they do an outstanding job as well as when they need direction make sure it’s documented or it never happened.

- Finally, if you don’t already have one, talk with the CEO about setting up an IT Committee composed of the other “C”s and maybe a couple of SVPs. Don’t let the committee get too large or nothing will ever get done. Hold meetings at least quarterly. A few items to be covered would be projects IT is working on (include status as well as who in IT is working on it), future projects, security issues, new products you are looking at, and be sure to get inputs from the members on what they are working on.  

Weekly Brief

Top 10 Payment and Card Consulting/Service Companies in Middle East - 2020
Top 10 Payment and Card Solution Companies - 2020

Read Also

Advancing from Artificial Intelligence to Artificial Enlightenment

Advancing from Artificial Intelligence to Artificial Enlightenment

Vanessa Colella, Chief Innovation Officer, Citi, Head of Citi Ventures & Head of Citi Productivity
The New Face of Mobile: Yes, It Should Have a Face

The New Face of Mobile: Yes, It Should Have a Face

Kathy Strasser, Chief Operating Officer of IncredibleBank
Emerging from the Shadows of Major Metros

Emerging from the Shadows of Major Metros

Michael Wisler, CIO, M&T Bank
Digitization Before and After a Global Pandemic

Digitization Before and After a Global Pandemic

Rush Blevins, Chief Information Officer, Flagship Credit Acceptance
Designed to Fail

Designed to Fail

Lou Senko, SVP and CIO, Q2
Business Advocacy Through Risk Acceptance

Business Advocacy Through Risk Acceptance

Brenden Smith, Chief Information Security Officer at FirstBank