Learn how to avoid phishing scams and protect member data in three simple steps!

Do you know what to look out for in phishing email scams? Often sent by email, these scams seek to infect computers with malware or steal personal information, but often, even savvy staff members can be fooled. Learn the three steps your credit union can take to ensure your members’ data and your credit union’s reputation are protected.

1. Offer a training program at your credit union

We all are on the move, with many things on our daily to-do lists. It is important to implement and maintain a regular training schedule to keep phishing scams top of mind, with monthly or quarterly increments being ideal. Curriculum should include what phishing scams are, what they look like, and that the emails often can be altered to look like they are sent from a known sender.

When receiving email from members, staff should carefully examine the email message to confirm it indeed came from the person allegedly sending it. Never download attachments or click on links in emails that look suspicious! When in doubt, check with your IT manager – better safe than sorry!

2. Draft and Follow a Standard Operating Procedure (SOP)

Your credit union may already have files that comprise a larger SOP. Be sure to include a section on what steps staff should follow to report any suspicious phishing emails, especially if an employee believes they clicked a link or downloaded an attachment that originated from a suspicious email. If malware is inadvertently downloaded, this should be reported immediately to your IT department to mitigate the threat quickly.

3. Incorporate Multi-Factor Authentication

Critical systems, especially those that host member data, should incorporate multi-factor authentication, which includes a second security step in order to login to a system. If a password were stolen in a phishing scam, having the additional step adds a level of security in that the thief could not access any information with the password alone.

Source: Avoid phishing scams: 3 steps, CUNA