In Partnership with Credit Union National Association
Go to main content
SOC - FacebookSOC - TwitterSOC - LinkedINSOC - YouTube
Michigan Credit Union League

Beyond IT: How to Create an Organization-Wide Cybersecurity Culture

Employees may unintentionally cause data breaches by clicking on a phishing email, downloading a malicious document or accessing a link that renders their computer (and the company’s system) vulnerable to hackers.

Faced with such challenges, credit unions must make cybersecurity part of the company culture. Consider these four essential components of a good employee-related cybersecurity plan:

1. Awareness
To help companies safeguard data, employees must know what the threats are. First, help them understand data classification and the difference between public and confidential data.

Then, from phishing emails to malware to social engineering, teach employees about the tools of cybercriminals’ trade. Communicate cybersecurity efforts and encourage managers to reinforce cyber threats in their interactions with employees.

Checklists and “cheat sheets” may also help them understand the steps they can take to safeguard the organization from cybercriminals. CUNA Mutual Group’s Protection Resource Center has a variety of cyber risk and security resources available at (User ID/password required).

2. Training
Surprisingly, just 68% of organizations provide data protection awareness and training programs for employees. This can be an invaluable tool in helping employees adopt better cybersecurity practices.

Once employees have a foundational understanding of the threats, create situational or behavior-based training that improves their cyber-awareness. Highlight scenarios that should be red flags, such as what to do if they receive an email message that invites them to click on a link. Behavior-based training can be as simple as teaching employees whom to contact to find out how to secure a new device in a “bring your own device” (BYOD) network environment.

3. Accountability
In addition to making cybersecurity training part of the onboarding process, include continuous cybersecurity-related activities even in performance evaluations. Performance reviews often are tied to bonus and compensation, so incorporating cybersecurity data or observed behaviors as a benchmark may compel employees to abide by the company’s best practices.

4. Vendors
Third-party vendors are a critical part of many teams, but they also pose their own risks. In fact, 59% of organizations report having had a data breach caused by a vendor. Verify that organizations you do business with have the same threshold of cybersecurity as the credit union.

To learn more about how to mitigate cybersecurity risks, see the new infographic and sign up for their 3-email educational series today.

Go to main navigation
Especially For:
2019-03-14 00:00:00