ATTENTION ONLINE CREDIT UNIONS
This holiday season, cybersecurity should be top of mind for all credit union professionals. Maintaining member data security begins with YOU, so what should you be doing right now to improve your chances of staying ahead of the bad guys trying to steal your member’s information?
- Don’t trust email
- Email remains a primary weapon of deception for bad actors. It’s easily spoofed to look like someone you might trust.
- Verify with the sender before clicking links or opening attachments.
- Test your users with fake emails and make sure they can identify the suspect ones.
- If in doubt, delete it!
- If you use cloud email services, turn on multi-factor authentication right now
- Bad actors are tricking users into giving up their cloud passwords, and then accessing the victim’s email to impersonate them or steal what’s in their mailboxes.
- Multi-factor authentication requires a secondary code on a device like a smartphone to gain access to the account.
- Turn on multi-factor authentication NOW for all your cloud accounts if you haven’t already.
- Don’t be an administrator
- Admin level accounts are the first ones bad actors try to abuse.
- Reduce your risk by knowing which accounts are administrators, and remove those that aren’t absolutely necessary.
- Never use an administrator level account to operate your computer daily. Administrator accounts should only be used sparingly when needed to make configuration changes.
- Know your user accounts. Look for unexpected or suspicious accounts.
- Avoid storing member data unencrypted on your network.
- Delete it promptly when you’re done with it.
- Regularly review your network management reports
- Understand the health of your network, backups, firewall and cyber hygiene.
- If you’re not getting reports from your network manager, ask for them.
Other great tips can be found in the CUSO Mag article Four Things Credit Union Executives Should Do About Cybersecurity Right Now. If you have questions about, or would like verification for these recommendations, please contact your network administrator, or reach out to the Help Desk if you’re a CNS-managed client.