On this week’s edition of Money, I’m Home, Lynne is joined by Vice President of Information Technology to discuss his career path with Consumers and the vital importance of security to a business.

 

[music]

0:00:06.9 Lynne Jarman-Johnson (LJJ): Money, I’m home. Welcome in. I’m Lynne Jarman-Johnson with Consumers Credit Union. From finance to fitness, we have it all, and we have a expert today that you are going to be so excited to listen to. He is our Vice President of IT. He’s also my dear friend. You know when marketing and IT get together, it is one big “Uh-oh, watch out world.” [laughter] Hi, Bob Dunning.

0:00:31.0 Bob Dunning: Good morning, Lynne.

0:00:33.7 LJJ: Well, man, it’s great to have you here. We’re going to talk a little bit later in the podcast about security issues, I know there’s lots of businesses that are always reaching out to us just to find out what’s going on, and we’re so high-level with technology, you’re one of the reasons for that. So we’ll talk about that in a minute. But if you don’t mind, I really kind of want to talk to you a little bit about you personally. We have had a wonderful experience with our interns this summer, and it got me to thinking about how someone starts a career, and you are what I would call a home-grown Consumers VP. Tell us a little bit about how you started and how you got into IT and data and… and your journey.

0:01:17.3 BD: Absolutely, thank you for asking, Lynne. So, I was attending Western Michigan University with a background in Computer Science during the late 90s, early 2000s, and my senior year in 2000-2001 was during the dot-com bubble burst. So, prior to that, there were a plethora of programming opportunities, and then after that year, the jobs more or less disappeared unless you had five to 10 years experience. So here I am a senior getting ready to graduate and no opportunities and student loan is kind of looming over my future. So looking through The Western Herald, the local newspaper at WMU, there was a position posted for part-time IT support at a local credit union, a credit union I was not familiar with, but I figured hey, it was a foot in the door, opportunity to get experience and potentially be a launching point to a real job in the future, is kind of how I looked at it, so that’s how I got… [chuckle] into the credit union at that point. Fortunately, or unfortunately, I don’t know how you want to look at it… [laughter] We were a very small company, we had 45, 50 employees. We had four locations, so everyone kind of did a little bit of everything.

0:02:37.6 BD: So, I think that was a great opportunity for me to learn the business and not just focus on IT, so I had some experience learning operations, accounting, how collections and the banking process in general worked. I went through to teller training, just to… I got a very well-rounded experience seeing how the credit union operated inside and out.

0:03:00.2 LJJ: We just had a podcast with our interns from the summer, and every one of them worked in different positions and met with different individuals, and the one thing that they talked about, which I’d love to hear your viewpoint was they never thought… And you just alluded to it a little bit. They never thought that when they started this internship that they would, in the long run, understand how important culture is to an organization and to their own job and life, and now that they’ve had the summer with us, it’s a whole different ball game because they understand that connection between work and life, work-life balance. You started thinking, “Okay, part-time job,” and now look at you.

0:03:45.3 BD: Culture has ebbed and flowed over the years, and I think we’ve found what works and what hasn’t. There have been times where things weren’t quite connecting like they were… You felt like departments weren’t on the same page as far as cooperation and working together, and I think we’ve been very deliberate as a company and as a leadership team to say, “This is holding us back.” And when we look at other companies and other peers and can see the contrast between a team that works well together and doesn’t, it really forces us to step back and say we can’t serve our members well if we’re not serving our employees at that same level or higher.

0:04:21.9 LJJ: And really what I think is the coolest thing is it’s not something that just you just build and then it just sits there.

0:04:28.7 BD: Absolutely.

0:04:29.7 LJJ: You are working on it every day, every minute.

0:04:32.1 BD: Just like our marketing plans, our technology plans. Every day, it takes effort and work just like raising a family or starting a business, you got to put it in every day to get it out, for sure.

0:04:45.3 LJJ: So Bob, if you look back, if I look back on my career, I laugh about having a fax machine that didn’t have paper, and now you have a fax that goes to your phone or to your email, and the changes in technology have been so drastic. How is it that you’re keeping up and your team is keeping up because we are known and we’re recognized in the nation as a leading technology company; it’s a wonderful attribute to you and your team.

0:05:14.7 BD: Absolutely, and there’s just a great focus on being a life-long learner. We tend to seek out employees that are thirsty for knowledge, are creative… Like to ask questions. One of the jokes we always have is we don’t do something because we’ve always done it that way, we want to make sure that it’s the right way and best way, and what was the best way two years ago may not be the best way today so that constant learning. We tend to solicit a lot of feedback from frontline staff, they’re the ones having to do the processes and work through situations that we’re not necessarily aware of, so by getting that feedback, soliciting ideas, we tend to think of solutions that we wouldn’t have necessarily gone to… Some of the things that we’ve seen in the past is going from paper loan forms to completely digital signing things. It just took somebody to ask a questions, “Why do we do it this way?” And then, “Well, I don’t know, let’s go down that road together and figure it out.”

0:06:12.7 BD: Sometimes we get to a solution and sometimes the technology is not quite there yet. Frankly, we don’t want to roll out a solution that only halfway meets our needs. We really want to wow the member in the experience and reduce the friction in the process, all while maintaining our high levels of security and member intimacy.

0:06:29.6 LJJ: Well, and the security. We are a financial institution, so it is always number one and top of mind, and I really salute the fact that we just finished a training that everyone in the whole organization is taking on cyber security. Five, six years ago, I saw a speaker talking about this dark web and people who will so try to get your information and now we’re seeing… It seems like with major companies, tell us what you’re doing and how do you look at that, Bob? It has to be something that, I hate to say it, but it probably keeps you up at night a little bit.

0:07:03.5 BD: Oh, absolutely. Part of it, it’s been a process. I came into IT not knowing a lot about security. Now, granted back in the early 2000s, security wasn’t as big of an issue simply because the internet was still dial-up based, DSL was the new technology, cable internet wasn’t really widely available, so as we grew so did our education and our understanding of what our threats look like. Typically today, email compromise and identity theft is rampant. A lot of folks have great security on their devices, but ultimately the end user of that device is the gatekeeper, and the last piece of security that keeps the bad guys out. We look at… You mentioned the dark web, and frankly, a lot of the stuff is just in an internet that people don’t use, and they’ve brought together all of this information that’s been stolen and aggregated it and packaged it, and now there’s just a digital store you can go to and buy these things, which is…

0:08:07.3 BD: It’s frightening. So if you consider security as an organization, effectively, we’re a house with a thousand windows and the bad guys only need to find one window that’s not locked, so from my seat, it’s tough going around and making sure all the windows are locked, that the employees that are opening windows know how to close them at the end of the day, that we have fail-safe solutions that effectively, if an employee forgets, they’re not having to be that last line. We want to make sure we have systems that are going back through and checking and then sending a reminder and then doing some of those pieces, but education, like you mentioned, is absolutely paramount. Telling folks what they need to look for, why they need to look for it, what’s the benefit to them, what’s the why behind the reason we’re asking folks to take these additional security steps… Absolutely paramount in keeping us safe.

0:08:53.1 LJJ: And as a member, Bob, what is it that you recommend? Are there top two or three things that you should raise a red flag if you’re seeing something versus just automatically knee-jerk reacting and jumping… That’s my whole thing is, “Oh, something fun. It’s a shiny new object.” And you push on a button and kaboom, there goes security. Now, obviously, it’s not that simple, you have steps to take, but is that also what’s happening with members where you’re just grabbing ahold of something because it looks good?

0:09:25.0 BD: Well, not only because it looks good, but because as a society, we want to be trusting of each other, so when somebody reaches out to us or an offer is presented or communication is sent, we instinctively want to trust other people, we want to help people. And I think that’s probably a huge benefit to society, but at the same time, what the social engineering hackers are focusing on: This innate ability for us to want to trust people. So, it’s very easy for them to spoof somebody else or impersonate somebody else in order to get you to comply with the requests, there’s the enticement of money and gift cards and prizes and things like that, but as far as best practices go, typically make sure your equipment is patched. There are always security patches coming out, Microsoft, Apple, Google, they’re releasing patches every two to four weeks. Make sure those are applied.

0:10:19.1 LJJ: And Bob, that means making sure you’re keeping your updates going, right? Your software?

0:10:22.3 BD: Absolutely, and typically corporate devices are going to have those automated, but personal devices are, it’s just as important. Having a solid antivirus program that’s running on there that’s looking for these pieces, making sure your web browsers are up-to-date and those types of things. Chrome and Firefox release updates almost weekly. There’s an option just to check to turn those on, so they automatically update. The other piece is around passwords, so folks typically struggle with maintaining a boat load of passwords, and the recommendation is every site’s got a different password and don’t re-use passwords and passwords should be long and complex. The problem is, is the human mind is not good at remembering those, so what I recommend is using a password storage utility like KeePass or LastPass that will effectively manage all of your passwords for you in a secure format, and then, frankly, you don’t even need to know what your passwords are as long as you can unlock that application. The other piece that goes nicely with that is turning on out multi-factor authentication, so that’s typically where you’re going to not only have a username and password, but you’re going to get a code sent to your phone, usually a text message or using an authentication application.

0:11:31.7 BD: There are ways, of course, to hack all of these things, so none of them are 100% full proof, but 90% or better will keep you safe on the internet. One of the other amazing services that we offer as well through Mastercard is the ability to use their identity program, so effectively you can put in your phone number, your email addresses, and then some of your financial information, and this is a free service offered through Consumers Credit Union. They will completely monitor all of those things, so when they do show up on the dark web or on a compromised list, you’ll actually get a notification and then you say, “Oh, I you should go back and change passwords or maybe take a closer look at my credit report.”

0:12:11.2 LJJ: There’s tiny little things that might frustrate you in life, but identity theft, if it happens to you is a lot bigger thing that’s going to frustrate you much more than having to learn more than one password, right? [chuckle]

0:12:23.9 BD: Absolutely. It’s such a hassle.

0:12:26.0 LJJ: Well, Bob, thank you so much and congrats on your tenure here at Consumers Credit Union, we really appreciate it. Back when you started, we didn’t have such a thing as an internship program, but basically that’s what you were and now here you are as VP of IT, and it is a pleasure and honor to work with you every day.

0:12:45.0 BD: Thank you, Lynne. I appreciate it.

0:12:47.1 LJJ: Money, I’m home. Thanks so much for listening, and if you have a topic that you would like to share or you just want some information on, send it our way, and I’d like to send a shout out to Jake Esselink for his production skills. I hope everybody has a great week. Money, I’m Home with Consumers Credit Union.