by George McDonald, Chief Officer of Strategic Services
October is time to celebrate cybersecurity. Now, that sounds kind of silly, doesn’t it?
I would think for most people, celebrating cybersecurity is akin to celebrating the fact that you get to go to the dentist for a root canal. You’re not really looking forward to the discomfort and hours in a dentist chair – but the alternative of dealing with the pain and any other effects that might follow are worth taking care of the issue.
Sure, all the efforts and real expenses credit unions put into cybersecurity for their organizations can be time consuming, tiresome, and maybe even painful, but the end results that protect our members and the credit union will pay off and be rewarding in the end. Almost like a visit from the tooth fairy!
Here are a few reminders for our credit unions to think about as we head into October, designated as Cybersecurity Awareness Month, and start the race to the end of the year.
It is important to create an organization-wide cyber security culture. Train your staff.
Many organizations think of cybersecurity strictly in terms of information technology (IT): Lock down the data, the assumption goes, and all is well. But threats aren’t always external – some come from within the organization.
Recent studies continue to show that roughly one third of most organizations’ employees have never received any form of cybersecurity training. With many staffs stretched thin these days, employees may unintentionally cause data breaches by clicking on a phishing email or inadvertently downloading a malicious document or access a link on their work computer that allows hackers to access your system.
Credit unions must make cybersecurity part of the company culture. Leaders can kickstart these efforts by engaging their staff in discussions on which types of threats most concern them and developing a comprehensive approach to minimize those risks. Oftentimes, this may mean engaging your IT providers or other outside sources to assist with training.
The following are a few tips pulled from resources available to our credit unions on behalf of our system partner CUNA Mutual Group and their Credit Union Protection Center.
Consider these four essential components of a good employee-related cybersecurity plan:
To help credit unions safeguard data, employees must first know what the threats are, from phishing emails to malware to social engineering, and teach employees about the tools of cybercriminals’ trade. Create checklists and “cheat sheets” to help them understand the steps they can take to safeguard the organization from cybercriminals.
Surprisingly, just 68 percent of organizations provide data protection awareness and training programs for employees. Training is an invaluable tool in helping employees adopt better cybersecurity practices. Once employees have a foundational understanding of the threats, behavior-based training improves their cyber-awareness.
In addition to making cybersecurity training part of the onboarding process, include continuous cybersecurity-related activities, even in performance evaluations. Performance reviews often are tied to bonus and compensation, so incorporating cybersecurity data or observed behaviors as a benchmark may compel employees to abide by the company’s best practices.
Third-party vendors or solution providers are a critical part of your team, but they may also pose their own risks. Many organizations report having had a data breach caused by a vendor. Verify that organizations with which you do business have the same threshold of cybersecurity as your credit union.
CUNA Mutual Group’s Protection Resource Center has a variety of cyber risk and security resources where you can access even more information.
Most credit unions already work with trusted IT providers and cybersecurity partners. Question and challenge your IT providers and cyber providers to make sure they are doing what you need. Don’t fall into a “set it and forget it” program.
If you need assistance with IT or cyber security solutions, please reach out to your Association. We have several product partners willing to help, and I am happy to help you find a solution that will work best for your credit union.
Have a great week, and don’t forget to brush and floss. Remember, an ounce of prevention…
Contact George McDonald at firstname.lastname@example.org or 701.250.3942.
The Memo is DakCU's newsletter that keeps
Want the Memo delivered straight to your inbox?