Maintaining effective cybersecurity protocols throughout the year should be top of mind for every credit union employee. The holiday season presents a variety of distractions for our credit unions and, with that, more opportunities for bad actors to exploit vulnerabilities. Here are a few reminders on protecting your credit union and members from potentially malicious cyber attacks:
- Create strong passwords using a mixture of upper and lower case characters, numbers, and special symbols. Passwords should be at least 8 characters long.
- Practice changing your passwords at least every 90 days, including administrator passwords!
- Train to recognize email phishing attempts:
  - The Displayed Name in the Email – a name displayed in the “from” box does not guarantee that this is the sender.
  - Suspicious Links (Don’t Click!) – If the web address you see when you hover over the link doesn’t seem to match the sender, be careful. And be wary if an email directs you to a website asking for a login, as this is the main way the bad guys will steal valid login credentials.
  - Spelling or Grammar Mistakes – If it doesn’t look or sound right, it’s probably not legit.
  - Odd Salutations – If the contact usually addresses you by your first name but the email greets you as “Valued Customer” or “Important Client”, send up a red flag.
  - Request for Sensitive Information – If asked for information you wouldn’t be comfortable with sharing, pick up the phone and call a known number to verify the request.
  - Implied Urgency – This scare tactic is designed to get you off-kilter and reply when you normally might not. If someone is threatening to stop a service without an immediate reply, stop and think about it and contact your tech nerd.
  - Images That Aren’t Quite Right – If the images or layout of an email seem a bit off, it’s likely an attempt to fool you.
  - Suspicious Domains – Many malicious emails use a domain that is close to the legitimate domain, but not spot-on. For instance, someone could use Capital0ne.com instead of capitalone.com to try and pull the wool over your eyes.
  - Non-Standard Attachments – If the attached file is not one you recognize (like .doc for a Word file, .xls for an Excel file, or .pdf for a PDF file), be suspicious.
- Be cautious of downloading free software.
- Be aware of Social Engineering – Social engineering refers to a broad spectrum of malicious activities using psychological manipulation to trick users into giving away sensitive information. Always be aware of the information you are being asked to provide to prevent oversharing. (The Board Chairman likely does not need your credit card number via email to purchase a ticket home from the CUNA conference.)
- Always lock your PC whenever you are away from your workstation.
- If you inadvertently open a suspicious email or click on that unwise link, immediately power off your PC or laptop and notify your system administrator.
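
For the tech nerds: three of the phishing checks above (displayed name, links that don't match the sender, and look-alike domains such as Capital0ne.com) can be automated in a mail filter. The Python below is an added example, not part of the original article; the trusted-domain list, the substitution table and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"capitalone.com"}  # assumption: domains your organisation trusts
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # digit look-alikes

# Constructed sample message, not a real phishing email.
SAMPLE = '''From: "Capital One" <alerts@capital0ne.com>
Content-Type: text/html

<a href="http://login.example.net/verify">Sign in</a>
'''


def skeleton(domain):
    """Lower-case a domain and undo common look-alike substitutions."""
    return domain.lower().translate(SWAPS).replace("rn", "m")


def is_lookalike(domain):
    """True when a domain is not trusted but reads like one that is."""
    if domain.lower() in TRUSTED:
        return False
    return skeleton(domain) in {skeleton(t) for t in TRUSTED}


def check_email(raw):
    """Return warnings for one raw message (headers, blank line, HTML body)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    warnings = []
    if is_lookalike(sender):
        warnings.append(f"sender domain {sender} imitates a trusted domain")
    for trusted in TRUSTED:  # displayed name claims a brand the address lacks
        brand = trusted.split(".")[0]
        if brand in name.lower().replace(" ", "") and sender != trusted:
            warnings.append(f"display name says {brand}, address is {sender}")
    for href in re.findall(r'href="([^"]+)"', msg.get_payload()):
        host = (urlparse(href).hostname or "").lower()
        if host != sender and not host.endswith("." + sender):
            warnings.append(f"link points to {host}, not {sender}")
    return warnings


if __name__ == "__main__":
    print("\n".join(check_email(SAMPLE)))
```

A filter like this only covers the mechanical signs; odd salutations, implied urgency and requests for sensitive information still need a trained reader.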