October 31, 2024
Cybersecurity Awareness Month might be observed in October, but the topic should be on your credit union’s radar all year long. With more financial and personal information being stored online, your CU and members must learn how to keep that information safe.
Here are 6 effective ways to boost cybersecurity awareness at your credit union:
Your credit union should have clear cybersecurity policies in place, that are kept up to date and accessible to employees. If you need assistance establishing effective policies, or are looking for more information and tools, the National Credit Union Administration (NCUA) has cybersecurity resources specifically for credit unions.
The NCUA website is also a great place to report cyber incidents, stay informed on the latest cybersecurity news, and help ensure your policies meet credit union compliance requirements.
Obviously, new employees should be informed of your CU’s policies and procedures, but even your long-term staff should receive regular cybersecurity training. Find ways to incorporate regular training opportunities that keep your employees informed of policies and reminded of common cyber-attack warning signs.
When informative webinars are announced by the NCUA, the Federal Trade Commission (FTC), or other trusted agencies, share them with your employees and encourage them to register. Even if the timing of the webinar doesn’t fit into their work schedule, most webinars are recorded and will be emailed to registrants after the event.
Have your security or IT department put together quarterly PowerPoint presentations with follow-up exams, testing employee knowledge of cybersecurity policies and procedures. This will help inform the credit union of any updates and test their ability to spot threats to the credit union. Be sure to provide notice of the exam far in advance of its due date, so employees can complete it when it fits their work schedules.
First of all, be sure that all employees are aware of what phishing is and how it works. “Phishing” is when someone sends a scam email or text message that contains links to websites that contain malware that can sabotage your data. They can also trick readers into giving away sensitive information, such as passwords, social security numbers, or financial information.
Secondly, keep in mind that not all phishing attempts can be simply “simulated.” Scammers are constantly thinking of new ways to trick people into clicking links or responding to fake messages. This is why employing regular training and learning opportunities is key to protecting your credit union.
Your credit union’s security or IT department should put out random simulated phishing attacks to ensure employees know the warning signs, and how to report them! There are a variety of phishing simulation programs your CU can use. Be sure to do your research and choose a trusted company.
If there’s sudden news of a scam impacting financial institutions, share the information before it impacts your membership! Have your marketing department create eye-catching graphics for social media and write engaging content for your website, newsletter, and/or email correspondence.
To keep your marketing department up-to-date on current cybersecurity risks, have them sign up for Consumer Alerts from the FTC. They will get emails with the latest consumer advice and news about scams that will help them develop eye-catching and valuable content.
Don’t wait for the next scheduled training to update your credit union of adjustments to policies and procedures. As soon as your policies are updated, even slightly, put out a company-wide notice. Also, provide regular updates regarding new threats, tools, and strategies via email and/or meetings.
Not only will regular updates keep your CU in the know and prepared to fight off cyber-attacks, it will also help to harness feelings of inclusiveness and trust within your organization. When all employees are included and informed at the same time, it reduces the risk of confusion and miscommunication.
Make sure your employees are encouraged to report any suspicious activities or potential threats without fear of repercussion. It can be difficult to know whether something is a threat or not, so it’s important to ensure that your staff feels comfortable reporting on suspicions – even if they end up being mistaken.
By setting clear policies, implementing training, utilizing phishing simulation technology, creating engaging content, providing regular updates to your staff and members, and encouraging open communication, you can help boost cybersecurity awareness at your credit union!