Ongoing changes in operational practices bring new security risks. I sat down with some credit union professionals to discuss pandemic-era changes, work-from-home, and best practices in identity access management (IAM) for credit unions.

Angie Garman, Internal Audit Manager at First Florida Credit Union, and Ray Murphy, cybersecurity strategist and former CISO at Navy Federal Credit Union, weighed in.

Our talk covered identity access management (IAM), from user privileges to offboarding employees. In the video, they discuss how credit unions have been handling these issues—and what steps they can take to minimize risks therefrom. If you intend to centralize your credit union’s IAM, or if you want to reduce the likelihood of insider threats, then this video is a must-watch.

So, dim the lights, grab your popcorn, and dig in!




Free Webinar

Learn a structured process to manage the findings process. Resolve audit findings — on time and as expected. Escape from the pain of managing via spreadsheet and cut your administrative time in half.
Sign Up Now >


Centralizing IAM can be challenging, but it’s critical in today’s work environment. Credit unions can start the process without overburdening the IT department by:

  1. Inventory: Create a detailed list of applications and users, including roles, administrators, and maintenance responsibilities. Update this inventory regularly, and always when employees join or leave.
  2. Clearly defined roles: Establish clear roles for app users and administrators, assuring those with admin access have separate user IDs for their administrative and regular duties. Ensure each employee’s job description specifies required app access based on their role.
  3. Onboarding and offboarding protocols: Set procedures for granting and terminating app access—overseen by app administrators—to maintain security and compliance.



Future steps may include building an identity infrastructure and possibly implementing single sign-on (SSO) solutions for ease of use and enhanced security. Those improvements, plus the ones above, would ensure a manageable shift towards a more centralized IAM system.

You can learn more about the three steps above by clicking here.

Posted in: