Strategic Link Partner, CUNA Mutual Group, Helps Credit Unions Combat Cyberattacks
Risk and Compliance expert, Carlos Molina, recommends building a cybersecurity culture for employees.
Safeguarding against cyberattacks requires a concerted effort by all members of an organization. Employees can easily cause unintentional data breaches by clicking on a phishing email, inadvertently downloading a malicious document, or accessing a link on their work computer that allows hackers access to your system. Faced with such challenges, credit unions must make cybersecurity part of the company culture.
To combat against such breaches, Strategic Link partner, CUNA Mutual Group, offers advice from Senior Consultant for Risk and Compliance Solutions, Carlos Molina. Molina recommends credit unions incorporate these four components in their employee cybersecurity plan:
Awareness: To help companies safeguard data, employees must first know what the threats are. Help them understand data classification and the difference between public and confidential data. In addition, teach employees about the tools of cybercriminals’ trade, including everything from phishing emails and malware to social engineering. Communicate your cybersecurity efforts and encourage managers to reinforce cyber threats in their interactions with employees.
Checklists and “cheat sheets” may also help employees understand the steps they can take to safeguard the organization from cybercriminals. CUNA Mutual Group’s Protection Resource Center has a variety of cyber risk and security resources available.
Training: Surprisingly, 66 percent of organizations say they have no time to update or review their data breach response plans. This can be an invaluable tool in helping employees adopt better cybersecurity practices. Once employees have a foundational understanding of the threats, create situational or behavior-based training that improves their cyber awareness.
Highlight scenarios that should be red flags, such as what to do if they receive an email message that invites them to click on a link. Behavior-based training can be as simple as teaching employees whom to contact to find out how to secure a new device in a “bring your own device” network environment.
Accountability: In addition to making cybersecurity training part of the onboarding process, include continuous cybersecurity-related activities—even in performance evaluations.
Performance reviews often are tied to bonus and compensation, so incorporating cybersecurity data or observed behaviors as a benchmark may compel employees to abide by the company’s best practices.
Vendors: Third-party vendors are a critical part of your team, but they also pose their own risks. In fact, 59 percent of organizations report having had a data breach caused by a vendor. Verify organizations that you do business with have the same threshold of cybersecurity as your credit union.