Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

How to Increase Cybersecurity Awareness at Your Financial Institution

Kylee Wooten
October 15, 2018
Read Time: 0 min

October may be National Cybersecurity Awareness month, but the emphasis put on safeguarding customers’ digital data should be a top priority no matter the time of year. In 2017, nearly half of the population had their data exposed after the Equifax breach. By the mid-point of 2018, there were already 668 total security breaches and nearly 22.5 million records exposed. Community banks and credit unions are turning to technology to create a more efficient lending environment, as well as a more millennial-friendly digital experience. While technology can be an invaluable investment for a financial institution, it is also imperative to instill proper security controls and protocols for those technologies within the organization.

In 2005, there were fewer than 200 significant security breaches in the U.S., vs. in 2017, when the number of breaches topped 1,300. While the business and medical sectors are faced with substantially more security breaches than the financial services industry, the number of security breaches at financial companies is certainly on the rise in recent years. The financial services industry encountered 69 breaches in 2017; meanwhile, by the half-way point of 2018, there had already been 84 breaches. Creating a digital experience for your customers and members goes beyond a beautiful website display or new online capabilities – it also means ensuring their information is safeguarded.

To create a culture of cybersecurity awareness at your financial institution, there are critical educational and preventative measures for employees, board members, stakeholders, and vendors to acknowledge.

Cybersecurity is built in a proactive—not reactive—environment

One of the worst things an institution can do is to wait for something bad to happen before developing a robust cybersecurity system. Cybersecurity is not an occasional concern, but rather an everyday task that each employee at an institution should take seriously. Developing full buy-in from each employee at your institution is a critical first step to building a proactive culture of digital security. Emily Larkin, Chief Information Security Officer at Abrigo, suggests starting at the top with leadership and board members. “Get their attention by outlining the potential financial impact of a cybersecurity incident and breach,” Larkin said recently in a column for BAI Banking Strategies. “This is not a scare tactic, but a reality check and an education tool for those focused on growth and financials.”

Information security extends far beyond the IT team, and protective firewalls can only go so far. Larkin explains that employees at all levels should understand the financial implications of a breach, the reputational risk at stake, as well as the current vulnerabilities within an institution.

Align values with vendors

Purchasing software for an institution is a big undertaking, not only financially, but also from a due diligence perspective. Your customers and members expect your institution to keep their data safe and secure, and your institution should uphold those same standards for any third-party vendors it partners with. Be sure that your institution’s vendors hold the same cybersecurity standards as your bank or credit union. McKinsey & Company recommends scheduling regular conversations with vendors to state the levels of security required to protect your institution’s information. During these discussions, devise clear recovery and compensation plans and take the time to understand exactly how your institution’s data will be used. Banks are viewed as the most trusted provider of data security, but they also bear the largest obligation to accountability should a breach occur. Be sure to fully vet and choose third-party vendors that will continue to allow your institution to uphold customers’ trust and pass regulatory scrutiny.

Learn how to drive faster lending decisions.

Request More Information

Educate employees and customers on common scams

Education is a virtually free way to thwart a cybersecurity attack at your institution. Oftentimes, individuals can compromise information simply because they don’t know any better. The banking industry is one of the top targets of hackers using phishing attempts to breach security. Phishing scams can include spoofed emails or a spoofed website. To better prepare your employees for potential phishing attempts, Larkin suggests implementing phishing tests at your institution. Many tools allow institutions to send phishing emails, track those that open the email and click on links or other attachments, as well as teach users how they could have spotted common phishing tricks. Phishing tests also allow institutions to implement and exercise response plans to better prepare employees for reporting suspicious activity.

Perhaps attackers are disguising themselves as your bank or credit union. Will recipients be able to distinguish your email from an attacker’s? On your institution’s website, you can include resources to help educate customers and members on the ways to identify potential phishing attempts. Provide examples of frequent scam tactics, such as URLs or language, that attackers often use in their phishing attempts. Providing resources to your customers not only prevents customers from falling victim to phishing attempts, but it also strengthens your customers’ trust that your institution will keep their data secure.

There are many moving parts to developing a comprehensive strategy for cybersecurity awareness. Ensuring that every person who is part of your institution is committed to protecting its data and its customers’ data requires many different approaches. It’s important for financial institutions to understand that increasing cybersecurity doesn’t always mean purchasing more software. There are so many ways to bolster your security, simply by keeping employees, stakeholders, and vendors educated and informed with up-to-date best practices and preventative measures.

About the Author

Kylee Wooten

Media Relations Manager
Kylee manages and writes articles, creates digital content, and assists in media relations efforts

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.