Splashy cybercrimes that feature devious hackers breaking through a giant bank’s firewalls generally make front page news.

But that’s far from the whole story about how consumers’ confidential data gets into the wrong hands. Research shows employee error puts sensitive data at risk far more often.

Verizon data security experts analyzed more than 47,000 data “security incidents” in 2012. In these incidents, the exposure of this sensitive data didn’t necessarily involve crime or result in monetary losses.

“Error” ranks as the largest threat category, making up 48% of all incidents, according to Verizon’s 2013 Data Breach Investigations Report. Errors included lost devices, errantly addressed emails and faxes, and publishing mistakes.

Threats caused by malware and “misuse”—which covers employees’ violations of data-use policies—tied for second, at 20%.

All credit unions implement various network security measures to protect data against high-tech attacks. But employees also can protect members’ sensitive data with these four measures:

1. Double-check the destination of emails or fax numbers before hitting “send.” Anytime you’re corresponding with a member or third-party vendor that involves sensitive data, first check your credit union’s information security policies to determine if they permit transmitting members’ confidential data in
these ways. If so, best practices recommend you send only encrypted data.

2. Avoid saving data to movable memory devices—and keep your laptop secure if you take it off-site.

Laptops are a major target for thieves. Whenever possible, don’t take a laptop containing members’ confidential data out of the office. If you must, don’t leave the laptop in plain sight in your car, unattended in a coffee shop or library, or in other situations that invite theft.

Member data saved to thumb drives, CDs, or other portable media presents a huge risk. That’s why some credit unions lock down the USB ports and CD/DVD drives on their workstations.