ARLINGTON, Va. — A U.S. Treasury official who spoke at a symposium on credit union cybersecurity reiterated that credit unions should be doing more to defend their operations against attacks.
Roughly 100 credit union, league and corporate executives and officials from state and federal agencies took part in the inaugural NASCUS/CUNA Credit Union Cyber Security Symposium Nov. 13-14 in Washington, D.C.
"The idea can seem daunting, but securing your data and your member's data is becoming steadily more important," Julia Philipp, deputy director for cyber intelligence in the Office of Critical Infrastructure Protection and Compliance Policy at the U.S. Treasury Department, said. "We believe all financial institutions need to begin to get a handle on defending their networks and information."
But how and where should credit unions start?
Philipp and other speakers at the symposium said one of the best tools is a framework for evaluating a cybersecurity program from the Rockville, Md.-based National Institute of Standards and Technology.
Philipp said she liked NIST's framework because it does not require a large amount of technical knowledge and can provide a credit union with an avenue for starting a conversation about cybersecurity.
For example, the very first step in the framework asks an organization if it is aware of how many different devices are attached to its network at any one time and where those devices are located.
NIST published the first generation of the Framework for Improving Critical Infrastructure Cybersecurity in February 2014 in response to an executive order from President Obama's Administration. Philipp stressed that the framework is voluntary now but speculated that future versions may contain elements that could become mandatory as policy makers and legislators begin to become more concerned about the activity of state-sponsored and independent hacker networks.
"The Framework enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure," NIST wrote in the document's executive summary.
"The Framework provides organization and structure to today's multiple approaches to cybersecurity by assembling standards, guidelines, and practices that are working effectively in industry today," the agency added.
While NIST stressed that it did not mean the framework's approach to fit every organization or institution in the same way, the agency said it had identified a core of five broad activities, or functions, that will help all organizations better understand and organize their cybersecurity efforts.
The five functions are identify, protect, detect, respond, and recover. Philipp and other speakers urged credit unions to begin to work at implementing this core.
The identify function can mean something as simple and essential as finding out how many computers of all types, including laptops, desktops, tablets and even phones, somehow access your network, whether daily, once a week, once a month or less frequently.
Identify also means finding out which sorts of devices and computers these are and evaluating what their potential vulnerabilities might be, Philipp explained.
The protect function can include everything from training staff not to click on links included in emails from unknown senders to not inserting thumb drives from unknown sources into their computers' USB ports, Philipp said.
"Some of the largest security breaches in history have come about because an employee picked up a thumb drive he or she found on the ground outside the door of the building and put it in the USB port where it installed malware," she noted.
The protect function includes programs to make sure computer software is as up to date as it should be. Credit unions can also take measures to isolate, or even more securely protect, especially critical parts of their networks.
The detect function could include setting up relationships with outside firms that will help credit unions monitor their networks for signs that they're being attacked and ascertain as much information as possible about the attack, Philipp said.
The respond and recover functions address how cyberattacks can be limited or prevented from causing too much damage and how a credit union can most efficiently recover after an attack, NIST wrote in its framework.
NIST also made it clear that it did not mean the framework to be seen as a static document or process, meaning credit unions should not think of doing it once and then being protected forever.