TAMPA, Fla.—While enhancing technology is ever-important to the lifeblood of a credit union, ensuring systems and processes are streamlined is also critical to success. And with cyber creeps a keystroke away from breaching sensitive data, security remains a continual concern.

In this reoccurring feature, Credit Union Journalvisits with IT professionals—the often unsung CU heroes—to better understand how organizational goals are executed. This month Grow Financial Credit Union's assistant vice president of network services James Stock provides an inside view of operations.

"The biggest challenge is keeping up with security concerns. Every minute the risk of the next great exploit seemingly looms," said Stock. "A good example of keeping up is with the recent Heartbleed vulnerability."

Earlier this month, the Federal Financial Institutions Examination Council told credit unions and other financial institutions to figure out fixes to a devastating security flaw that could put online and mobile banking applications at risk.

Significant Vulnerability

OpenSSL is a cryptographic software library used to authenticate services and encrypt sensitive information. A significant vulnerability has been found in OpenSSL that could allow an attacker to decrypt, spoof or perform attacks on network communications that would otherwise be protected by encryption.

Stock explained that the majority of the credit union's systems wouldn't be susceptible to this threat. The challenge, he noted, is with appliances such as VPN and other internet facing devices. (For more about what other credit unions are doing in response to Heartbleed, see this story.)

"While you can test for these using tools available online, I'd rather make sure that I get something from the vendor showing me that their device is safe, which was a big challenge," said Stock. "Once you've verified all of your existing endpoints, then you start looking at sites your business associates use, and sites that your end users access, and on down the line. Talk about a challenge."

With 170,000 members and 22 branches, the $2 billion-asset credit union has 39 employees in its technology department that collectively address a myriad of issues aside from security.

With a background in desktop and servers, Stock's area of responsibility is with help desk and networking, a department comprised of 12 employees. The balance of the tech staff serve as application developers, information security experts, project managers, quality assurance testers and in management.

"To stay current, I learned to manage virtual server environments and enough networking to understand the demands of large scale switching networks," said Stock. "I've managed different IT teams since 2005 and have worked in IT since 1999."

In effort to stay ahead of the technology curve, Stock frequently attends conferences, including Dell World that offers a portal not only into how other credit unions use services, but how diverse markets approach the same technology. "What I find valuable is seeing how other markets, such as health care or hospitality, use different products," he said.

In recent years, Stock has also attended third-party vendor sponsored events focusing on new storage mediums and security appliances, among others.

"I like to stay current on trends in the industry, even if I am not looking to necessarily purchase something at the time," said Stock. "I find that spending money on sending my employees to events such as VMworld or Cisco live to be a great benefit as well."

How and when new technologies are introduced to upper management for consideration and approval depend on certain variables, according to Stock. Every month there is a conference call where branch related issues can be relayed to executives. If technology related, the appropriate department fields the problem and seek solutions.

"In terms of pitching services or upgrades, typically demand will speak for itself. Sometimes however, you find yourself in the role of the candy man," he said. "You give them a little candy and show them how great it is, and then they make the case for you."

Interactive Video Tellers

With the credit union in the early stages of rolling out interactive video tellers, it became evident that there were methods to improve the platform. This includes determining ways to control its drive through lane signage remotely from headquarters.

"The staff needed to be able to control the signs since we offer service through the drive through after the branch employees have left for the day," said Stock. "We found a great network controllable relay and built a simple web page for our Interactive Video Team members to control them as needed."

Looking forward, Stock recognizes that there will be challenges ahead, but added that he also had a wish. "If I could change anything, it would be that when it comes time to hire new employees, I could just clone the folks I already have. We really have a stellar group of people who work for us."

When asked about the former, the challenges, he made a comparison to big banks. "Funding is probably our biggest challenge. When you look at the big players who have multimillion dollar budgets for things like mobile banking or video enabled technologies, we just can't compete in terms of how quickly we can take a new technology piece to market and we can't survive taking as of huge risks either."

While competition with bigger banks is a continual credit union challenge, Stock said in many ways it takes some pressure off to not always have to be the first industry adopter. Overall, he feels working in a credit union environment is a more rewarding experience.

"I think one of the best benefits of running the IT Department in a credit union is that we can really get to know our employees and the needs of our members on a much more personal basis," said Stock.

Subscribe Now

Authoritative analysis and perspective for every segment of the credit union industry

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.