Cyber Risk: What Your Employees Need to Know

By: Ann Davidson, VP of Risk Consulting, Allied Solutions 

Today, credit unions are doing a better job across the board enhancing their cyber risk management strategies to include more advanced risk controls.

However, one of the key risk controls that continue to be overlooked is employee education.  With the increase of the potential exposure to cybercriminal attacks, credit unions NEED to make employee risk education a top priority, so staff members at all levels of the organization can help your credit union detect and prevent future fraud risk exposures.

Regular risk training should be provided to employees in order to instill data security culture within the credit union. Employee risk education training should touch on:

  • Common cyber threats and security risks and the related vulnerabilities and threats to credit union operations, so employees understand the gravity of these potential breaches
  • Common warning signs for different types of fraud attempts so they know what to look out for and report
  • Workplace policies employees should follow to help prevent cybercrime, such as:
    • Internet & social media usage: Internet browsing should be limited ad social media usage should not be permitted while at work
    • Software usage: Employees should not install unlicensed software on any work device
    • Personal device usage: Employees should not use their personal computer, tablet, or mobile device while on your credit union’s network
    • Work device usage: Employees should not leave workplace devices unattended without securely locking them and should ensure virus protection software is kept current
    • Password usage: Employees should be required to use strong passwords that are unrelated to their personal information, and different for every secure account
    • Email usage: Employees should never respond to emails or open email links that look suspicious or are from unknown sources
  • The nature of data security and reminders that each employee is individually responsible for helping protect the credit union’s data
  • Legal and regulatory obligations to respect and protect the privacy of secure accountholder and credit union information
  • Procedure for incident reporting in the event a device being used on the credit union’s network becomes infected by a virus or is operating with unexplained errors, including the importance of common warning messages and alerts and who to report incidents to

Cybercrime is not going to go away anytime in the near future. That’s why it is critical that your credit union remain one step ahead of the cybercriminals by educating your employees about the part they need to play in protecting your credit union from these potential exposures.


Take a deeper look at cyber risk and send this informative webinar to your employees:  The Scary Truth About Cyber Risk and Fraud. This session will help your employees learn what they need to know to combat the growing risk of internal and external cyber risk that may impact your credit union and its members. The solutions presented in our webinar will help your financial institution get ahead of the curve and manage fraud risk in a strategic and proactive way.

Register here for Ann’s upcoming webinar on August 3 where she breaks down what the bad guys have been up to the first half of 2017, so you can see beyond the curtain and prepare for the latter half of the year. Fraud in 2017: What’s Hiding Behind the Curtain

Allied Solutions is the NAFCU Services Preferred Partner for Insurance- Bond, Creditor Placed (CPI), Guaranteed Asset Protection (GAP), and Mechanical Breakdown Protection (MBP). More educational resource