While credit unions and banks are tasked with protecting payment information, small businesses should also be playing their part in that cybersecurity effort, said one credit union executive.
According to reports in Credit Union Journal, James Mooney, president and chief executive of Chevron Credit Union, spoke to the House Small Business Committee about SME cybersecurity Wednesday (March 8), suggesting that “it is very ambiguous right now” how small businesses are expected and required to protect payment data under current regulation. Citing research that finds the majority of cyberattacks hit SMEs, Mooney added that there should be legislation that requires all businesses, not just large ones, to meet cybersecurity standards.
“Securing consumers’ personal information and financial accounts will require the entire payments ecosystem to take an active role in addressing emerging threats and in turn require all industries to be proactive in protecting consumers’ personally identifiable and financial information from the onset,” Mooney told the committee, speaking on behalf of the National Association of Federally-Insured Credit Unions.
He pointed to the high standards credit unions and banks already face to protect payment and financial information and said small businesses should be held to the same standards.
“Under Gramm-Leach-Bliley, we are really given the duty that everybody has to be playing at the same level,” he said. “As GLBA has functioned, it is scalable, so the risk that a multinational institution has is going to be much different than a small credit union and the risk assessment is much different, but everybody is on the same page.”
His commentary comes as federal lawmakers struggle to define a path for data security legislation.
“The problem is that the bar keeps shifting as technology changes,” said Charles Rowe, president and CEO of America’s Small Business Development Centers, speaking at the same hearing about the challenges of regulating SME cybersecurity requirements.