Written by Silvia Bitchkei on 31 October 2019

Cybersecurity 101 for Credit Unions: How to Strengthen Your Cybersecurity Posture

How can credit union professionals implement and strengthen their cybersecurity posture within their organizations? 

Much like banks, credit unions hold large amounts of highly sensitive data about members, including financial and personal information such as credit scores, banking information and investment history. Unfortunately, many credit unions are still at a loss when it comes to properly securing their critical data assets against cyberthreats, breaches and intrusions.

Most recently, Desjardins, the largest association of credit unions in North America, fell prey to a cybersecurity incident when an employee leaked the personal information of more than 2.7 million individual members and 173,000 businesses outside the institution.

In this blog article, you will learn more about:

  • Fundamental cybersecurity baselines and best practices for credit unions
  • Why cybersecurity is important for credit unions and the industry in general
  • How credit unions can determine their own cybersecurity posture
  • What are the first steps credit unions should take to improve their cybersecurity posture



Introduction to Cybersecurity

Before we dive deeper into cybersecurity for credit unions, let’s have a look at what cybersecurity actually means.

Cybersecurity is most commonly defined as a set of strategies, techniques, and controls to reduce risk and ensure that your data assets are protected.

In general, security should be looked at as striking the balance between access and control.

  • Too much access may disclose too much information.
  • Too much control could be a burden.

In today’s business environment, information has become a key resource for all organizations. Technology, in turn, plays an important role in the entire information lifecycle, including its creation, use, storage, treatment, disclosure and removal.

Business owners and executives are struggling to find a balance between protecting their confidential data assets, leveraging them effectively to generate business value from IT-enabled investments and mitigating the respective risks that come with managing data, all while complying with various risks and regulations.

For credit unions (and all organizations processing or storing large amounts of confidential data), cybersecurity should be a regular part of their best practices.

Related Post: What is Cybersecurity all about?


The Cybersecurity Dilemma for Credit Unions

“Cybersecurity is a systemic risk that affects all levels of business, government and ordinary people. It is such a high-risk area for credit unions that the National Credit Union Administration (NCUA) placed cybersecurity as a top focus for exams.” (National Association of Federally-Insured Credit Unions)

More often than not, credit union professionals find it challenging to balance their many priorities with the implementation of an effective cybersecurity strategy.

Here are just some of the challenges that IT and security professionals at credit unions face:

  • Managing Business Risk
  • Addressing the Cybersecurity Skills Gap
  • Meeting Compliance Requirements
  • Tackling Data/IoT Security Issues
  • Aligning Security Spend with Corporate Strategy
  • Strengthening Security Posture and Maturity

When it comes to choosing the right cybersecurity strategy, how are organizations supposed to know what is best? Should you conduct regular penetration testing, vulnerability assessments, control assessments, compliance audits, risk assessments, security program reviews, etc.? The list goes on! How often should this be done? And how can you be sure that these initiatives will actually pay off?

According to Help Net Security, “cybersecurity strategy needs to be led by the board, executed by the C-Suite and owned at the front lines of the organization.”


Cybersecurity Baselines & Best Practices for Credit Unions

While it is easy to become overwhelmed by the sheer thought of implementing an effective cybersecurity strategy, your best battle strategy is to put your cybersecurity posture at the core of all security initiatives you undertake.

By doing so, you will be able to tackle the following cybersecurity best practices with greater ease.

  • Know where your assets are and what their value is.
  • Define your potential risks.
  • Implement effective security controls.
  • Know your internal and external threats.
  • Evaluate and strengthen your cybersecurity posture.

We will go over each of the above best practices in detail.


1.    Know Where Your Assets Are and What Their Value Is

According to ISO/IEC PDTR 13335-1, an asset is defined as “anything that has value to the organization, its business operations and their continuity, including Information resources that support the organization's mission.”

To improve your cybersecurity posture, your credit union should identify

  • what your mission-critical assets are,
  • what their value is, and
  • where they are located.

Knowledge is power. Having awareness of your critical assets will help you define a cybersecurity strategy that focuses on protecting your most critical assets adequately. This way, you will be able to allocate the largest chunks of your budget to protecting the assets that matter most.

Important: Not all assets have equal relevance to your credit union, which is why it is impossible to protect all of them equally.

Related Post: How to Locate your Company Assets to Ensure their Protection


2.    Define Your Potential Risks

Risks represent the potential for loss, damage or destruction of an asset following a threat.

Before implementing an effective cybersecurity strategy, it is important for your credit union to think about all potential risks that you may be facing.

  • Which scenarios could potentially lead to a breach?
  • Who would be interested in exploiting our environment?
  • What could happen to my credit union if my critical assets were exposed?

By carefully reflecting on your risks, you will be able to outline security strategies that can help you reduce or mitigate these risks properly.

Related Post: Risk Management: Why Perspective is Essential


3.    Implement Effective Security Controls

Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.

The main objective of security controls is to assist organizations in managing their risk and protecting their valuable assets against security incidents, cyber threats and data breaches.

There are 3 types of security controls:

  1. Preventative controls, attempting to prevent a security incident before it occurs.
  2. Detective controls, identifying a security incident while it’s happening (or shortly after).
  3. Corrective controls, limiting the damage following a security incident and helping a business to get back on track.

In your credit union, controls can be malware defenses, internal processes, 24/7 monitoring, penetration testing or incident response techniques, for example.

Depending on your geography or the industry you operate in, you may want to follow a variety of security control frameworks, including NIST, ISO or the 20 Critical Security Controls issued by the Center for Internet Security.

Interested in learning more about how your organization can strengthen its security posture with the 20 CIS Critical Security Controls? Watch the recording of our webinar “Are You in Control? Managing the CIS Critical Security Controls within your Enterprise”, which we jointly hosted with SANS.


4.    Know Your Internal and External Threats

Threats represent what could damage, destroy or compromise your assets.

Assessing the risks and threats of your credit union environment will help you define which types of security controls need to be implemented and strengthened to protect your assets from threats.

Important: Threats can be external or internal: hacker groups, employees, individuals with access to your devices/amenities, third parties.


5.    Evaluate and Strengthen Your Cybersecurity Posture

With your cybersecurity posture in mind, you will be able to adopt a focused approach to assessing, designing, developing, implementing and aligning your security posture. A Cybersecurity Posture Assessment provides an overall view of a customer's internal and external security posture by integrating all the facets of cybersecurity into only one assessment approach.

A cybersecurity posture assessment can help indicate how healthy or resilient your credit union is when it comes to cybersecurity, how effectively it can protect against potential cyberattacks and how well it can maintain a strong cybersecurity posture as the threat environment evolves.

→ Want to self-assess your cybersecurity posture? Download our free checklist to find out!


Generally, a cybersecurity assessment is based on four (4) principal baselines:

  1. Credit unions need to know what they have and to what extent they need to protect it
  2. Credit unions need to know where they stand and what their strengths and weaknesses are
  3. Credit unions need to know where they are going and what needs to be done to get there
  4. Credit unions need to know how to stay in control of their security controls



It is increasingly difficult for credit unions to know what their current cybersecurity posture is and how well they could face security incidents. This can result in a variety of issues, including:

  • wasted security expenses,
  • misalignment between security initiatives and company objectives,
  • overworked security staff, and
  • a lack of security direction in general.

By knowing your cybersecurity posture, you can develop a long-term security strategy that will protect your credit union, outline a concrete cybersecurity roadmap and help you strengthen your cybersecurity defenses over time.

Do you know what your credit union’s cybersecurity posture is? If you’re not sure, we’ve developed a handy-dandy checklist that will help you get a high-level overview of where you’re at in terms of your cybersecurity posture. Click below to download a copy.
