An independent cybersecurity review across many of Illinois’s largest credit unions reveals a wide range of results. These institutions hold members’ financial and personal data, yet many show gaps in basic email authentication.
Using data from audit.emailmenow.com, we evaluated each credit union’s domain across SPF, DKIM, DMARC, transport security (MTA-STS/TLS), and website security headers.
Cybersecurity Scores of Major Illinois Credit Unions
Overall compliance scores from audit.emailmenow.com. Re-run any domain at the link to verify.
| Rank | Credit Union | Domain | Overall Score | Performance Level |
|---|---|---|---|---|
| 1 | Financial Plus Credit Union | financialplus.org | 84% | Strong |
| 2 | CEFCU | cefcu.com | 68% | Good |
| 3 | Great Lakes Credit Union | glcu.org | 64% | Good |
| 3 | NuMark Credit Union | numarkcu.org | 64% | Good |
| 5 | Alliant Credit Union | alliantcreditunion.com | 54% | Average |
| 6 | Credit Union 1 | creditunion1.org | 53% | Below Average |
| 7 | Scott Credit Union | scottcu.org | 50% | Below Average |
| 8 | BCU (Baxter Credit Union) | bcu.org | 42% | Weakest |
| 9 | Consumers Credit Union | myconsumers.org | 40% | Weakest |
| 10 | Deere Employees Credit Union | deerecreditunion.com | 30% | Weakest |
| 10 | Meadows Credit Union | meadowscu.org | 30% | Weakest |
What the Results Reveal
- Scores range from 84% (Financial Plus) down to 30% — only one Illinois credit union reaches a strong (70%+) posture, and none hit 85%.
- Four institutions sit at 42% or below, showing enforced DMARC (
p=reject), strict SPF, and transport protections are widely missing. - Weak email authentication enables impersonation, phishing, and fraudulent transfer requests targeting members and staff.
Why This Matters for Credit Unions
GLBA and the FTC Safeguards Rule require documented safeguards for members’ nonpublic personal information.
Check any credit union’s posture at audit.emailmenow.com/?industry=financial-advisors.
See also — national audit
Recommendations
- Enforce DMARC (
p=reject), strict SPF (-all), and DKIM signing. - Add MTA-STS and website security headers.
- Maintain a documented safeguards program with recurring security awareness training.
Protect your members. Run a free Instant Cybersecurity Audit at audit.emailmenow.com/?industry=financial-advisors.
Contact EmailMeNow IT Consulting for help with safeguards documentation and email hardening.
Source & methodology: Overall compliance scores from the free scan at audit.emailmenow.com — each domain checked for email authentication (SPF, DKIM, DMARC), transport security (MTA-STS/TLS), website security headers, and network security. Re-run any domain at the link to verify.