Founded in 1961, New England Federal Credit Union (NEFCU) is a member-owned financial institution serving communities across six counties in northwestern Vermont. With over 88,000 members and more than $1 billion in assets, it has become the largest credit union in the state. As a result, maintaining the trust of its members, especially when it comes to safeguarding their personal information, is essential.
Business Challenge
NEFCU has long maintained a strong security culture, continually implementing technologies to strengthen its policies and infrastructure. Measures such as blocking USB ports, enforcing network access controls and authentication, and encrypting sensitive documents and email were already in place. The organization also prioritizes regular employee training on security and data protection.
However, as the credit union collaborates with multiple vendors, partners, and service providers — each requiring varying levels of data access — it faced a critical gap. NEFCU lacked enterprise-wide visibility and detailed insight into the movement of sensitive, regulated data, making it difficult to track exactly what information was being shared and with whom.
As Michael Stridsberg, Information Security Program Manager, explained: “In security, you are always concerned about what’s coming into your organization. What we wanted to know here at New England Federal Credit Union was what data was going out — a 180-degree change from the typical security approach.”
NCFCU's Critical Success Factors
- Improve visibility into data sharing with vendors, partners and service providers
- Classify data quickly and accurately
- Rapid deployment, low overhead
- Enforce appropriate use of data by users with varying privileges
- Maintain client trust
The Solution
NEFCU selected Fortra Network DLP for its simplicity, cost-effectiveness, and completeness of functionality within its architecture, which Stridsberg describes as “elegant.” The Fortra team began by identifying what data was being exchanged, as well as any patterns of use. For the first three months, NEFCU simply monitored the network.
Through detailed analysis provided by Fortra Network DLP, Stridsberg and his team identified clear data usage patterns. While some aligned with the expectations of the information security team, they also uncovered additional patterns that required attention. During this period, they continued refining their data security policies based on business rules, ultimately creating a system in which false positives are virtually non-existent. They also integrated protections to gain visibility into web traffic.
The installation of Fortra Network DLP took only a few hours and requires minimal ongoing maintenance. This resulted in no need for additional staff and a low total cost of ownership (TCO).
“Once installed, visibility into our network traffic was significantly improved,” said Stridsberg. “We could see exactly what data was being transmitted and where. Today, I can’t imagine doing security work without it.”
Once Fortra Network DLP was installed, visibility into our network traffic was significantly improved. We could see exactly what data was being transmitted and where. Today I can’t imagine doing security work without it.
Michael Stridsberg, Information Security Program Manager, NEFCU