CUNA Mutual Group: How to create an organization wide cybersecurity culture

CUNAMutualGroup_Logo_VT_4CEmployees may unintentionally cause data breaches by clicking on a phising email or by mistakenly downloading a malicious document or accessing a link on their work computer that allows hackers access to a system.

Faced with such challenges, credit unions must make cybersecurity part of the company culture.

According to Carlos Molina, risk management consultant for CUNA Mutual Group, these are four essential components of a good employee-related cybersecurity plan:

Awareness helps companies safeguard data. Employees must first know what the threats are. Companies should first understand data classification and the difference between public and confidential data. From phising emails to malware to social engineering, employees should be taught about the tools of cybercriminals’ trade. Communication to employees about cybersecurity efforts and having checklists and “cheat sheets” may also help them understand the steps they can take to safeguard the organization from cybercriminals. CUNA Mutual Group’s Protection Resource Center has a variety of cyber risk and security resources available.

Training. Surprisingly, just 68 percent of organizations provide data protection awareness and training programs for employees. This can be an invaluable tool in helping employees adopt better cybersecurity practices. Once employees have a basic understanding of the threats, they will be able to create situational or behavior based training that will improve their cyber-awareness. Highlighting scenarios that should be red flags, such as what to do if they receive an email message that invites them to click on a link. Molina noted that behavior-based training can be as simple as teaching employees whom to contact to find out how to secure a new device in a “bring your own device” network environment.

Accountability. In addition to making cybersecurity training part of the onboarding process, including continuous cybersecurity-related activities even in performance evaluations is important, according to Molina. Performance reviews often are tied to bonus and compensation, so incorporating cybersecurity data or observed behaviors as a benchmark may compel employees to abide by the company’s best practices.

Vendors and third-party vendors are a critical part of a team, but they also pose their own risks. In fact, 59 percent of organizations report having had a data breach caused by a vendor. Employees should verify that organizations with which they do business have the same threshold of cybersecurity as credit unions.

To learn more about how to mitigate cybersecurity risks, visit CUNA Mutual Group’s website.

Carlos Molina is a risk management consultant for CUNA Mutual Group, the leading provider of insurance and financial services to credit unions and their members. He can be contacted at

Leave a Reply