October may be National Cybersecurity Awareness month, but the emphasis put on safeguarding customers’ digital data should be a top priority no matter the time of year. In 2017, nearly half of the population had their data exposed after the Equifax breach. By the mid-point of 2018, there were already 668 total security breaches and nearly 22.5 million records exposed. Community banks and credit unions are turning to technology to create a more efficient lending environment, as well as a more millennial-friendly digital experience. While technology can be an invaluable investment for a financial institution, it is also imperative to instill proper security controls and protocols for those technologies within the organization.
In 2005, there were fewer than 200 significant security breaches in the U.S., vs. in 2017, when the number of breaches topped 1,300. While the business and medical sectors are faced with substantially more security breaches than the financial services industry, the number of security breaches at financial companies is certainly on the rise in recent years. The financial services industry encountered 69 breaches in 2017; meanwhile, by the half-way point of 2018, there had already been 84 breaches. Creating a digital experience for your customers and members goes beyond a beautiful website display or new online capabilities – it also means ensuring their information is safeguarded.
To create a culture of cybersecurity awareness at your financial institution, there are critical educational and preventative measures for employees, board members, stakeholders, and vendors to acknowledge.
Cybersecurity is built in a proactive—not reactive—environment
One of the worst things an institution can do is to wait for something bad to happen before developing a robust cybersecurity system. Cybersecurity is not an occasional concern, but rather an everyday task that each employee at an institution should take seriously. Developing full buy-in from each employee at your institution is a critical first step to building a proactive culture of digital security. Emily Larkin, Chief Information Security Officer at Abrigo, suggests starting at the top with leadership and board members. “Get their attention by outlining the potential financial impact of a cybersecurity incident and breach,” Larkin said recently in a column for BAI Banking Strategies. “This is not a scare tactic, but a reality check and an education tool for those focused on growth and financials.”
Information security extends far beyond the IT team, and protective firewalls can only go so far. Larkin explains that employees at all levels should understand the financial implications of a breach, the reputational risk at stake, as well as the current vulnerabilities within an institution.
Align values with vendors
Purchasing software for an institution is a big undertaking, not only financially, but also from a due diligence perspective. Your customers and members expect your institution to keep their data safe and secure, and your institution should uphold those same standards for any third-party vendors it partners with. Be sure that your institution’s vendors hold the same cybersecurity standards as your bank or credit union. McKinsey & Company recommends scheduling regular conversations with vendors to state the levels of security required to protect your institution’s information. During these discussions, devise clear recovery and compensation plans and take the time to understand exactly how your institution’s data will be used. Banks are viewed as the most trusted provider of data security, but they also bear the largest obligation to accountability should a breach occur. Be sure to fully vet and choose third-party vendors that will continue to allow your institution to uphold customers’ trust and pass regulatory scrutiny.
