Everybody's talking about cybercrime, and the hacks and thefts at giant organizations. In all likelihood, you know someone who's been affected by hacks at a major retailer, for instance. As a credit union, small or large, you may think you're too small a fish to be a target. But that is far from the case: According to the 2016 Internet Security Threat Report, Symantec's annual analysis of cybercrime, attacks against small businesses are rising rapidly, with 43% of attacks targeted at small organizations [defined as fewer than 250 employees] in 2015.
Your credit union touches a lot of incredibly valuable information, so you are a natural target of scammers great and small.
Are you thinking about cyber fraud as much as you should, or are you counting on your account administrators to protect you? The truth is, administrators can only do so much. Everyone who has access to your members' finances must take precautions. And that includes you. It's enough to make a credit union executive paranoid — and maybe that's a good thing.
Perils of Cyberfraud
Here's an example: A credit union may work with a financial advisor and that advisor had a very active client — one who typically contacted him by email, and frequently used funds from his accounts to close business deals with a variety of partners. But then a fraudster expertly mimicked this client's requests for funds and managed to steal a large amount of money, all in sums that were a shade under the $250,000 level that would bring on a full-bore federal investigation. The credit union could now be working through an Errors and Omissions compliance situation.
Now you may be thinking, "I'd never fall for such a scam." But if you sat down and looked at the emails, they seemed completely legitimate. They used the correct email address, with no indication that the emails (and funds) were being diverted elsewhere — not even after a forensic analysis. The language used in the emails was eerily similar to the client's typical communications. In all likelihood, the fraudster had been monitoring the client's emails for some time, and so was able to make the fraudulent communications seem normal.
As the credit union asset manager who would be releasing the funds to a third party, you followed the Compliance Policies and Procedures and did what you were supposed to do: You called the advisor and confirmed that the transactions had been verified with the client. The advisor and credit union were accustomed to communicating by email, and the advisor affirmed that they had. Everyone did what they were supposed to do — but still, the theft took place.
Think about a typical work day. You're in the throes of your business, you're busy, and you get an email. Most of us aren't taking the second look and asking about fraud. But today you must do so, especially if you're working with clients who tend to move money around, whether for business needs or family distributions, such as tuition or travel. Even phone calls can get diverted to a third party — and if that person has the right answers to your identity questions, you could be deceived.
Doing Things Differently
We all have to take a wider view of cybersecurity, identity theft and fraud. The SEC has been watching this for some time. Internet fraud is increasing, and scams are getting more sophisticated. It's hard to imagine that, with all the precautions you think you have in place, fraud could still bite you. But it can. Financial custodians do work with advisors, but everyone has to do their part.
Some financial institutions have updated their compliance policy to include: Not accepting electronic communications as the only form of communication for any electronic transfer of funds or third-party distributions.
Some credit union financial experts call the advisor and ask if they have spoken directly with their client. If the advisor says yes, then the responsibility ends there. But some financial institutions go a step further, mandating calls to the phone number of record to speak to the person who authorized the transaction. It's still not a perfect security defense.
No matter how large or small your credit union might be, these steps can help make your members' accounts a little more secure.
Step 1: Speak Directly With Members
Do not accept electronic communication like email for any disbursement of funds from a member's account. In an age where your members are used to moving money and paying bills with a swipe of their finger on a smartphone, this may seem burdensome. But taking the extra step of old-fashioned communication may help prevent you and your members from being victimized.
Step 2: Train Your Staff
Create that culture of compliance and awareness of industry developments that exemplifies best practices. Everyone at the credit union needs to follow that cliché of public safety, "If you see something, say something." Because you will, most likely, have to deal with sketchy communications at some point. Look at every request, whether for information or funds, with a cynical eye.
Step 3: Review Your Operations Manual With a Fine-Tooth Comb at Least Annually
In today's sensitive environment, all employees of your credit union — including you, as a leader — need to make sure you have the right procedures and systems in place to protect the firm. You also need to set the tone for the credit union. Emphasize that it's an important effort and obey the rules yourself. Setting the right example will help make sure you have a tight ship.
Step 5: Don't Rely on What You Think You Know About Technology
Whatever you may know about information technology and security, fraudsters know more — this is their business.
Is it paranoia if everybody is really against you? That question used to be funny. In the era of cybercrime, though, a little paranoia can go a long way toward protecting your members, your credit union and your reputation.