Cybersecurity in 3 Days: Trends, Threats, and Takeaways

Blog by John Martin, June 26, 2025

In May 2025, I had the opportunity to attend a three-day cybersecurity conference that brought together some of the sharpest minds in cybersecurity and IT professionals in the credit union industry. While I expected to be bombarded with acronyms and anxiety-inducing stats (which, to be fair, did happen), I came away with a fresh perspective, some actionable insights, and a renewed sense of how to make Brooklyn Coop's network infrastructure even more secure and prepared for the future.

Here are a few highlights:

  1. The Human Factor Is Still the Weakest Link

Multiple speakers emphasized that despite all the safeguards, the biggest risk of unauthorized access to information or member funds is still people, whether staff or members. Phishing emails and texts continue to fool users as attackers craft increasingly convincing social engineering campaigns. People aren’t aware of the abilities of bad actors. I know the countless times I’ve had to explain to my 70-year-old mom that “if it looks too good to be true, it probably is”.

We need to meet members where they are — and gently but clearly correct what they think they know. This will lay a foundation for our members to protect themselves. Since we are a small CU we have an intimate relationship with everyone who walks through our doors, so why not start there? This month, I will be hosting a Cash IRL workshop based on showing members how to avoid these traps.

  2. AI and Automation Are Game Changers — But Not Magic

There was a lot of buzz around AI, as expected, with Big Tech and the US Government spending billions to establish an AI infrastructure. The change is inevitable. It can help achieve goals, increase operational efficiency, and improve manageability. I believe Bk Coop will need to implement policies and practices when incorporating AI use, not only within our infrastructure but also to make sure our vendors can’t use our data to train their AI models. In the coming months, my plan is to outline policies and assess the use of AI.

  3. Breakdown: One Size No Longer Fits All

Cybersecurity education should be personalized. Gen Z might respond best to quick videos, while older members may prefer printed guides. Members conducting higher-risk activities (like wire transfers) deserve more targeted advice. Tailored education based on behavior, risk, and demographic preferences makes communication more effective.

Perhaps Member Service staff can address member concerns related to suspicious emails, calls, and login security. Or maybe we offer incentives such as “Cyber security member of the month”? There are untapped opportunities to weave cybersecurity nudges into the member journey — during logins, password resets, transactions, or app updates. The best teaching moments are in real time.

  4. Developing a Plan and Setting Expectations

Multiple speakers at the conference emphasized protecting our infrastructure through guidelines that connect policy, risk assessment, and procedures that include defining ownership and chain of command, ensuring regular review and management approval. For example, an IT Disposition Plan involves replacing and removing old hardware. The speaker referenced NIST SP 800-88, which gives guidelines on how to properly dispose of hardware. In the past, I usually just took out old hard drives and “collected” them in a box. Going forward, I will create a policy for all media disposals.

  5. Examiner Expectations

This session gave a peek behind the curtain at what federal banking examiners are really looking for. Since this is my first time doing IT at a credit union, I wasn’t aware of what goes into auditing. The key seemed to be fostering a culture of compliance and documentation. I took away that if you want to keep your examiners happy (or at least not alarmed), show them that you not only understand your risks but have a plan (policies) to mitigate them. I was happy about this because we are already implementing the steps the speaker said should be taken, such as internal audits and penetration testing on an annual basis, and steady communication with an experienced third-party provider.

Final Thoughts: I’m excited to apply these lessons here and look forward to exploring how we can align the great things we do at Brooklyn Coop with what’s working across the industry — from education and oversight to policy integration and beyond. See you at the workshop!