To fight data breaches, organizations must treat all emails with skepticism and educate employees about cybersecurity risks. That's according to Jim Stickley, keynote speaker for CU Times' Oct. 6 virtual conference, "Data Breach Defense."

In his presentation, "Know Your Vulnerabilities: Credit Unions Are Only as Secure as Their Weakest Links," Stickley, founder and CEO of the San Diego-based security education firm Stickley on Security, said cybercriminals target financial institution employees because they don't know they are vulnerable.

"If employees did not have Internet access, it would reduce fraud by 75 to 80%," Stickley said.

Often times, scammers looking to access a system find the targets of their attacks via social networking sites such as LinkedIn. They can then go after employees with emails laced with phishing lures and social engineering tricks, enabling them to plant malware. Scammers may also coerce unsuspecting employees to divulge critical information that will open doors to the organization's system.

Stickley suggested organizations limit Internet access to employees who really need it.

He also noted implementing and maintaining an education program to help employees understand current threats is key.

"Education and awareness are not the same thing," he said, adding that employees should receive continuing education about security threats once per quarter.

Stickley recommended the following:

  • Treat all emails with skepticism.

  • Never give someone remote control of your desktop.

  • Never allow someone to install software.

NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).