Credit unions spend a considerable amount of time and money securing sensitive network data. But there's one data repository that credit unions often overlook when tightening security: paper.
"At some point in the future, everything will be digital, but for now, we're stuck with paper," said cybersecurity expert Jim Stickley. "Quite frankly, I'm surprised that so many credit unions we visit seem to forget about that."
According to Stickley, more credit unions need to put strict policies in place – and then enforce them.
Here are three tips for a more secure paper workflow.
1. Don't leave documents on the printer
"I've done hundreds of on-site audits over the years, and the first thing I do is look for documents left sitting in printers," said Stickley.
He said it's not unusual for an employee to, for example, print a document with the intention of taking it from the printer on the way back from lunch. That's a full hour during which any person with access can steal that data.
"Remember: Plenty of data thefts are inside jobs," he added.
2. Ensure documents make it to the shredder
"Everyone wants to do their part when it comes to recycling," said Stickley. "Unfortunately, some overzealous employees inevitably pitch sensitive documents into the recycling bin along with yesterday's newspaper."
It's essential, then, that employees be aware of the credit union's sensitive document policy. "It's not that employees are necessarily careless," he said. "They just need to be educated properly."
Stickley pointed out that even the most stringent policies won't prevent a lazy employee from tossing sensitive documents into the regular trash.
"Thieves know where your credit union is," said Stickley, "and more importantly, they know where your dumpster is." He said it's not unusual for criminals to engage in after-hours "dumpster diving" behind a financial institution's office.
"Most credit union executives don't want to hear this, but the best way to combat this is to do some occasional dumpster diving yourself," said Stickley. "That's the only way you can really know what's going out with the trash."
3. Educate your members on the perils of paper
Your members are becoming more and more savvy about such cybersecurity issues as email phishing scams. With so much focus on digital, members may forget that paper poses an equally serious risk.
"It's just as easy for me to print a bogus URL on a postcard as it is to put that same URL in an email," said Stickley. "In fact, from the criminal's standpoint, it can be better."
He said that a printed document creates an illusion of authenticity that simply can't be achieved in email.
"Of course, in the end," concluded Stickley, "typing in a fraudulent URL from a postcard will get you the same result as clicking a fraudulent link in an email. You're going to get ripped off either way. That's why employee education and member education are both so critical."
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
