Skip to content
Case Study:
Meeting Cybersecurity Compliance Requirements for a Michigan Credit Union
CS_Image_02-1

Description 

A local credit union with about 40 employees and $70 million in assets had been relying on a Managed Service Provider (MSP) to handle their IT needs. But over time, they grew frustrated with the vendor’s slow response times and ongoing cybersecurity issues that never seemed to get resolved. The real tipping point came after a third-party audit flagged multiple repeat issues with the credit union’s security protocols, highlighting a concerning lack of progress on cybersecurity compliance. 

Problem

The credit union faced ongoing issues with their cybersecurity posture, exacerbated by poor service delivery from their existing provider. During the audit, over 30 repeat findings were discovered—covering everything from lack of documentation to missing security controls and the absence of continuous cybersecurity monitoring.  

The credit union's CEO, already disillusioned with the slow response times and unreliable service, was alarmed that ongoing cybersecurity alerting was ineffective. This became the final straw, prompting the need for immediate action to address the gaps in their security and compliance. 

Solution

The credit union first connected with one of New Charter Technologies’ companies at a Michigan Credit Union League conference, where they were drawn to their VoIP services. Impressed by the reliable service, they became VoIP clients in 2019. By early 2023, ongoing issues with their current provider’s poor cybersecurity support led them to expand their partnership to include comprehensive cybersecurity services. 

Understanding the urgency, the credit union’s board authorized the New Charter MSP to jump in and implement a full cybersecurity overhaul, even though the contract with their previous provider was still active. We set up a complete cybersecurity stack aligned with the NIST Cybersecurity Framework (CSF), addressing the audit’s flagged issues like missing documentation, security controls, and continuous monitoring. They also rolled out a customized defense matrix, giving the credit union a clear view of their strengths, vulnerabilities, and the progress they were making. 

3Artboard 1 copy

Compliance Requirements 

Financial institutions like credit unions are held to strict cybersecurity compliance standards, including the Gramm-Leach-Bliley Act (GLBA), which primarily concerns the safeguarding of sensitive information and requires rigorous reporting. They are also regulated by oversight entities such as the National Credit Union Administration (NCUA) and the State of Michigan, which expect adherence to a cybersecurity framework like NIST CSF to ensure robust protection measures. 

Results 

Within a few months, the credit union saw a significant improvement in their cybersecurity posture. At their next IT audit, the auditor was impressed by the progress made, noting the improved maturity of their cybersecurity program. Over 30 repeat issues were addressed in an effort to ensure that the institution remained compliant and avoided potential penalties.

Additionally, the auditor, pleased with the work for this institution and another, referred several other credit unions facing similar challenges to New Charter.  

Conclusion

This case shows just how valuable a comprehensive, structured approach to cybersecurity can be, especially in highly regulated fields like finance. By getting ahead of compliance issues, the credit union didn’t just lower its risks—it also strengthened its overall cybersecurity. The New Charter company’s partnership with the credit union keeps evolving as they continue to support its compliance needs and introduce new solutions to keep up with growing demands on the business. 

Our dedicated advanced cybersecurity team ensures businesses of all sizes benefit from comprehensive cybersecurity and enterprise-level expertise. We deliver advanced cybersecurity with common sense and clarity, helping organizations modernize their approach to cybersecurity and improve their posture. Whether you're on-premise, in the cloud, or hybrid, we provide security that adapts to your needs—so you can focus on your business. 

We specialize in crafting personalized cybersecurity solutions for every organization. Let's talk about how we can make a difference for your company!

Get in touch

New Charter Brands. Meet the IT Dream Team.