The Basics Are Still Your Best Security Tool

It doesn’t take the latest statistics to demonstrate the importance of security for credit unions. From ransomware to e-mail, perpetrators can be relentless in their attempts to find a way into systems and accounts – or to wreak havoc on the smooth operation of your organization. Even with the sophistication of preventive tools and techniques, the basics are still best for combatting security issues on a daily basis.

Yes, passwords work.

Regular reminders to employees to practice good password hygiene are a good idea. Be sure passwords and passphrases are a minimum of 14 characters – and don’t reuse passwords. You might also consider using a password manager like KeePass. It’s easy to get complacent about passwords, but consider this: 80% of data breaches are the result of poor or reused passwords, according to Verizon. That’s quite a motivation to keep passwords up to date.

Your device matters.

The ease of apps and accessibility makes it tempting and convenient to work from anywhere. That’s fine if you have the right protections and protocols in place. However, it’s a good rule of thumb to avoid accessing the credit union network from a personal or home device. Doing so creates a security risk, so it is worth the extra care of using a work device.

E-mail is still the leading access point.

E-mail is such a routine part of communicating within the organization that it’s easy to forget that business e-mail compromise continues to be the leading way into an organization. While everyone might already be aware of not downloading attachments or clicking links in e-mails from unknown senders, it’s important to think about all your e-mail routines throughout the day – and take nothing for granted. Were you expecting the “encrypted” e-mail or the request asking you to perform a sensitive action? Does the sender e-mail address seem accurate and fit the organization’s signature? Does the language used sound legitimate? Is there a sense of urgency that seems misplaced? Is there anything that just doesn’t seem right?

When in doubt, ask. It’s just that simple. Confirm the e-mail with a phone call or just walk over to the individual’s desk. Check your suspicions with IT and always alert them to any questionable e-mail you receive, so they can be ready.

Utilize tools that support your efforts.

There’s no single way to secure your organization or its data, but everything you do adds greater protection. Help your people be human firewalls by familiarizing them with the latest scams and providing recommendations for mitigating risks with software like KnowBe4 security awareness training.

Be sure to ask your vendors and partners what security steps they’re implementing. For example, VisiFI upgraded to Microsoft Defender for Office 365 to take advantage of the software’s safe links and safe attachments capabilities for e-mail, along with anti-phishing protection.

Ransomware remains a danger.

According to Sophos, 55% of financial institutions were hit by ransomware within the last year. In addition, the FinTech industry reports a 62% increase in ransomware in 2022. That makes it increasingly important that credit unions make it a point to emphasize security awareness, end-point protection and good file back-up and management. That’s what VisiFI continues to do. We’re happy to share what we know with you because good security helps us all succeed.


Brandon Jiminez

Security Analyst