As October ushers in Cybersecurity Awareness Month, the spotlight turns once again to the importance of protecting sensitive information and reinforcing trust in the financial system. For credit unions, this isn’t just a compliance issue — it’s about ensuring operational resilience and safeguarding the member relationships at the heart of the cooperative model.
Matt Baaki, our Chief Technology and Digital Officer, recently shared his perspective on the threats keeping credit union leaders awake at night — and the practical steps every institution should consider.
Q: Why should credit union leaders care about Cybersecurity Awareness Month?
Baaki: Cybersecurity can’t be treated as a box-checking exercise—and it’s about more than compliance. At the end of the day, credit unions are in the business of trust — members need to feel confident that their financial institution will safeguard their information and money. When you make security a leadership priority, you’re also protecting brand reputation and ensuring resilience in the face of disruptions.
Q: What are the most pressing cybersecurity threats you’re seeing in the credit union space?
Baaki: The threat landscape is constantly evolving, but right now we’re watching several areas very closely. Ransomware remains a huge concern, with attackers looking to hold systems hostage until payment is made. Phishing and social engineering are also on the rise, with adversaries targeting people as much as technology. Insider threats can’t be overlooked either — even well-intentioned employees can open the door to vulnerabilities. And vendor risk is only growing as credit unions depend on a larger network of third parties.
Q: How can executives ensure cybersecurity becomes a board-level conversation?
Baaki: It starts with direction and tone from the top. If cybersecurity is left solely to the IT department, you’ve already created a blind spot. Boards should regularly review cybersecurity posture and incident response readiness. Executives can lead by embedding security into the culture — ensuring that everyone, from staff to directors, understands that protecting the institution is a shared responsibility.
Q: What are some practical steps leaders can take this month to strengthen their defenses?
Baaki: Cybersecurity Awareness Month is a great time to reset and reinforce best practices. I recommend three actions:
- Refresh employee training so your team knows how to spot phishing attempts.
- Review your vendor risk management processes and make sure due diligence is up to date.
- Run an incident response tabletop exercise. Ask yourself: When was the last time we tested how our organization would react to a real-world breach? That preparation can make all the difference.
Q: How does cybersecurity connect with strategic growth for credit unions?
Baaki: Every credit union is working on digital transformation, whether that’s online banking, mobile apps, or ITMs. But if you’re not embedding security into those initiatives, you’re inviting trouble. Security and innovation have to go hand in hand. When members and regulators see that you’re balancing convenience with vigilance, you reinforce confidence in your institution.
Q: Finally, what role does a partner like MDT play in helping credit unions manage risk?
Baaki: No institution can do everything on its own. That’s where a technology partner like MDT comes in. We help co-manage risk, provide around-the-clock monitoring and patching, and make sure our credit unions are aligned with compliance standards. Our goal is to close the gaps that are difficult to handle internally, so leaders can focus on strategy and member service while knowing their cybersecurity posture is strong.
Conclusion
Cybersecurity Awareness Month serves as a reminder that protecting data and systems is not just an IT project — it’s a leadership mandate. As Baaki puts it, “Balancing innovation with vigilance is the only way forward.”
For credit unions, the challenge is real — but so is the opportunity. With the right culture, practical steps, and strong partnerships, institutions can turn cybersecurity into a source of resilience and long-term member trust.