Go to:

April 2019
< Mar May >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Beyond IT: How to create a cybersecurity culture across your organization
Tuesday, March 19, 2019 6:40 AM

Use awareness and training to make cybersecurity part of your culture.

By Carlos Molina, Risk Management Consultant

Employees may unintentionally cause data breaches by clicking on a phishing email, inadvertently downloading a malicious document, or accessing a link on their work computer that allows hackers access to your system.

Faced with such challenges, credit unions must make cybersecurity part of the company culture.

Consider these four essential components of a good employee-related cybersecurity plan:

1. Awareness

To help companies safeguard data, employees must first know what the threats are. First, help them understand data classification and the difference between public and confidential data.

Then, from phishing emails to malware to social engineering, teach employees about the tools of cybercriminals’ trade. Communicate your cybersecurity efforts and encourage managers to reinforce cyber threats in their interactions with employees.

Checklists and “cheat sheets” may also help them understand the steps they can take to safeguard the organization from cybercriminals. CUNA Mutual Group’s Protection Resource Center has a variety of cyber risk and security resources available at (User ID/password required).

2. Training

Surprisingly, just 68 percent of organizations provide data protection awareness and training programs for employees [PDF]. This can be an invaluable tool in helping employees adopt better cybersecurity practices.

Once employees have a foundational understanding of the threats, create situational or behavior-based training that improves their cyber-awareness.

Highlight scenarios that should be red flags, such as what to do if they receive an email message that invites them to click on a link. Behavior-based training can be as simple as teaching employees whom to contact to find out how to secure a new device in a “bring your own device” (BYOD) network environment.

3. Accountability

In addition to making cybersecurity training part of the onboarding process, include continuous cybersecurity-related activities in performance evaluations.

Performance reviews often are tied to bonus and compensation, so incorporating cybersecurity data or observed behaviors as a benchmark may compel employees to abide by the company’s best practices.

4. Vendors

Third-party vendors are a critical part of your team, but they also pose their own risks. In fact, 59 percent of organizations report having had a data breach caused by a vendor. Verify that organizations with which you do business have the same threshold of cybersecurity as your credit union.

To learn more about how you can mitigate your cybersecurity risks, see our new infographic and sign up for our three-email educational series today.

CARLOS MOLINA is a risk management consultant at CUNA Mutual Group.

Need help assessing your systems or managing your risk?

As technology changes, every credit union faces new security issues. Let Credit Union Resources help you stay on top of it—your future could depend on it. Our team of technology professionals provides guidance on compliance, shares best practices, and performs audits. We have a vested interest in your success, and your cybersecurity matters to us. To find out how we can help you manage cybersecurity and operational risks, contact:

Idrees Rafiq
800-442-5762, ext. 6799

About Credit Union Resources Inc.
Credit Union Resources is a service corporation that provides industry-leading solutions and expertise to credit unions across the country. Credit Union Resources is a wholly owned subsidiary of the Cornerstone Credit Union League, a regional trade association representing the interests of credit unions in Arkansas, Oklahoma, and Texas.