Happy 2022! Let’s start off the new year with a nod to cybersecurity – something that should be top of mind for all credit union professionals. Maintaining member data security begins with YOU, so what should you be doing right now to improve your chances of staying ahead of the bad guys trying to steal your members’ information?

Don’t inherently trust email.

Email remains a primary weapon of deception for bad actors. It’s easily spoofed to look like someone you might trust. Here are some email security tips:

  • Verify with the sender before clicking links or opening attachments.
  • Test your users with fake emails and make sure they can identify the suspect ones.
  • If in doubt, delete it!

If you use cloud email services, turn on multi-factor authentication, like, right now.

Bad actors are tricking users into giving up their cloud passwords, and then accessing the victim’s email to impersonate them or steal what’s in their mailboxes. Multi-factor authentication requires a secondary code on a device to gain access to the account. Turn on multi-factor authentication NOW for all your cloud accounts if you haven’t already.

Administrators beware.

Admin level accounts are the first ones bad actors try to abuse. Reduce your risk by knowing which accounts are administrators and removing those that aren’t absolutely necessary. It’s recommended to use an administrator account only sparingly to make configuration changes, rather than to operate your computer daily. Administrator account tips:

  • Know your user accounts.
  • Look for unexpected or suspicious accounts.

Avoid storing member data unencrypted on your network.

Delete it promptly when you’re done with it – plain and simple.

Regularly review your network management reports.

Understand the health of your network, backups, firewall and cyber hygiene. If you’re not getting reports from your network manager, ask for them. The more you know about your networks and applications, the more aware you’ll be, and awareness is EVERYTHING.


Provided by CU*Answers