Given the recent headline-making security breaches from Equifax and Sonic Drive-In, there is a need now more than ever for credit unions to operate under strict guidelines for the sake of their members. The latest breaches can be attributed to a lack of attention to basic people and process controls. This means credit unions have an opportunity to make strategic investments in technology and resources to further protect against fraudsters and educate themselves on how to best protect their members.

Cybersecurity can be daunting. The good news is that fundamentals can go a long way: A credit union's cybersecurity technology should be based on a solid foundation of basic security "block and tackling." As we see in college football every weekend, a running back cannot make a big play unless the offensive linemen step up and make the blocks to open the holes. If the linemen fail, the team also struggles or fails. Similarly, an effective cybersecurity program is made up of the right combination of people, process and technology programs and controls. Unless the program is built upon a solid foundation of operational practices, such as patching, it too will eventually fall victim to an attacker. This balanced approach has enabled PSCU to build a secure, resilient infrastructure to support its members.

Here are a few foundational practices every credit union should strive to get right.