Credit unions are frequently described as having a culture of cooperation, support and inclusivity— but what about security culture?
IT teams and their technology cannot be entirely responsible for maintaining cyber security at your credit union. With modern cyber criminals attacking at all possible angles, security awareness needs to be engrained within every employee across your organization, from the in-branch tellers to the c-suite executives. The best way to accomplish this is by incorporating security awareness into your credit union’s culture.
Undergoing Security Awareness Training
The culture of any workplace can be driven by the training provided to employees. However, training can be seen as a tedious chore, rather than an important duty. Education and training that effectively drives a security culture at your credit union must be:
- Ongoing and consistent. Security training should not be a one-time task for each employee, but reoccurring. This will ensure that secure behaviours are maintained and embedded into the workplace culture.
- Updated. Cyber criminals are always adapting, so security training material should too. A culture that is truly concerned with security will keep up with cyber threat trends.
- Engaging. To avoid having security training labeled as just another onboarding chore, security training modules should use relatable situations and provoke audiences to think critically. This will keep training interesting and relevant.
- Practical. Hands on training includes testing how employees respond to possible attacks. For example, using simulated phishing attacks on employees allows them to put into practice what they have learned about social engineering. The pass or fail rate of these tests can help determine if security is well understood at the workplace.
- Completed by all. No one is allowed off the hook. If your credit union wants security to be embedded into the culture of the workplace, then every employee must participate.
Security awareness training from Celero checks these criteria. With its simulated phishing attack feature and consistently updated educational content, this training can help credit unions elevate the way their employees understand and prioritize cyber-security.
Employing Secure Technology and Practices
A credit union that strives to promote security will provide employees with tools and technology to help. Every decision made about what technology to use at work should include cyber-security considerations. Providing employees with these tools and explaining why they are important will establish that cyber-security should be taken seriously.
For starters, credit union employees share and keep sensitive data and files that need to be protected. Choose a secure email service to encrypt and protect this information without compromising efficiency. Additionally, platforms like Microsoft Office 365 enable productivity and collaboration amongst co-workers, while maintaining security.
For every account and platform used at your credit union, employees should also be using secure passwords and MFA. To help maintain this behaviour, password management technology can help. Password managers create and remember the passwords so that a human does not have to. This prevents bad practices like writing down credentials on paper or using easily guessable passwords.
Enabling protected communications and password hygiene through these technologies can help make secure behaviour feel easier and instinctive. When using and understanding these tools becomes the standard to employees, security has been engrained in the culture of the workplace.
Having Everyone On Board
As the saying goes, the chain is only as strong as its weakest link. The training and technology mentioned above must be understood and utilized by every employee. Having every department recognize the importance of cyber-security takes an organization’s basic security awareness, and elevates it to security culture.
The commitment of senior leaders within your organization can be the driving force behind creating a resilient security culture. When senior leadership makes cyber-security a priority, it sends a clear message to the entire organization that security is not just one department’s responsibility; it’s everyone’s concern.
Encouraging Action, Celebrating Success
Creating a culture of security involves not only preventive measures, but also a commitment to addressing incidents and recognizing the efforts of employees.
Employees should be encouraged to take action when they notice something concerning. Establish open, efficient and quick-response communication channels that employees can easily access and use to report incidents and concerns. Promote a “see something, say something” mentality by ensuring there will be no retaliation for incident reporting.
When employees follow security best practices, their contributions and achievements should be recognized. While cyber-security is serious, your approach can be light-hearted and fun, especially when celebrating successes, or introducing new initiatives. For example:
- Have public celebrations by showcasing success stories and security milestones publicly within the credit union. Use bulletin boards, newsletters, or the digital channels to celebrate achievements and share lessons learned from security incidents.
- Consider offering incentives or rewards for employees who consistently follow security best practices, report incidents or actively participate in security training and initiatives. This can include bonuses, gift cards or extra time off.
- Host activities and events to engage employees. For example, a credit union can use these free, cheeky Halloween themed cards from KnowBe4 in a variety of activities during October. KnowBe4 has three creative activity suggestions listed here, all of which can be adapted for online and in-branch workplaces.
These kinds of celebrations and acknowledgements make security more relevant, exciting and common in the workplace.
Whether a credit union is trying to cultivate a culture of innovation, cooperation or security— these traits should be tangible to any member that enters your branch, talks to your advisors or views your social media and website. Give members an opportunity to witness and participate in your security culture through:
- Cybersecurity resources. Provide cybersecurity literature and educational resources to your members. Consider creating pamphlets, brochures or online resources that offer tips on cyber-safety, recognizing phishing attempts and protecting personal information. These materials can be distributed in branches or made available on your credit union’s website.
- Interactive Workshops and Webinars. Host cybersecurity workshops or webinars that are open to members. For example, consider something like Synergy Credit Union’s Seniors Food for Thought Breakfast chat about seniors financial and fraud safety, which was hosted this summer.
- Security Initiatives. Launch member-focused security initiatives to promote awareness and safe online practices. For example, a credit union can participate in Cybersecurity Awareness Month via a social media campaign. The Canadian Government provides free resources each year for organizations to use on social media and in their workplaces. Take these resources and make them your own.
These ideas can all be taken a step further with the hosting of special events and promotions. Members who participate in these initiatives could be eligible for rewards or incentives.
Through training, technology, recognition and inclusion, you can cultivate security culture at your credit union. To learn more about how Celero can assist you with any security needs and questions, talk to your Celero Account Executive or contact us.