With the increase in data breaches, ransomware and other malicious attacks, it is more important than ever for financial institutions to strengthen their cybersecurity strategies.
As we noted in a previous blog post, financial institutions must change their mindsets to more effectively execute cybersecurity best practices. Now, let’s dive into a few other misconceptions some community banks and credit unions have about cybercrime today.
“Our employees are adequately trained on security processes.”
Employees are often a top vulnerability for financial institutions, especially if they are unfamiliar with security protocols for the organization. To help mitigate this threat, training is critical for all employees – from tellers and loan officers to the president and CEO. This means all staff must be adequately trained to spot security issues; they must understand the importance of protecting sensitive information and recognize the risks of mishandling this information. Even effective training must be augmented with a strong IT security strategy to ensure the proper defenses are in place and that employees are able to detect and prevent cyber threats.
In addition, financial institutions should instill the concept that security responsibilities belong to everyone in the organization. All employees should understand the role they play in upholding the security of the institution and not rely solely on the IT or security department to safeguard sensitive information. When everyone is held accountable for the security of financial data, the staff is more equipped to handle the unexpected and protect the institution from harm.
“Our vendors are secure.”
Financial institutions rely heavily on third-party service providers for specialized expertise and services that help the institution succeed, keep operations running smoothly and improve the overall quality and efficiency of the organization. Vendor management has always been an important issue for financial institutions, but with increased scrutiny from the Federal Deposit Insurance Corporation and National Credit Union Association (NCUA), institutions now run a greater risk of being fined for not adequately managing third-party vendors, especially if gaps in security increase cybersecurity risk.
Financial institutions should understand that their cybersecurity posture is only as good as the cybersecurity of their vendors. Often, a third-party service provider can unknowingly provide a back entrance to hackers who are looking to steal sensitive customer data. Having a procedure in place to identify the risks associated with each vendor will help banks and credit unions to effectively research third-party providers and help mitigate potential risks to the institution.
“Our data is not interesting to cybercriminals.”
Financial institutions house significant amounts of personal data that is valuable to hackers, such as social security numbers, bank account numbers and personal identification documents. According to research by Juniper Networks, personal data, including name, date of birth, address and social security number, can carry a value of around $20 to $40 per person. Bank account information is worth a staggering $187 per person, CNNMoney reported. Credit card information values vary, running from as high as $102 per number, according to CNNMoney, to as low as 75 cents per number, depending on the size of the data breach, the freshness of the information and where the data was stolen from. Cybercriminals have obtained hundreds of thousands, and sometimes millions, of credit card numbers in recent large-scale breaches, which resulted in lofty payoffs.
Moving forward, financial institutions need to recognize the importance of investing time and money into cybersecurity and compliance best practices that secure data and adequately protect organizations from cybercriminals. The first step in changing their mindset is to acknowledge the significance of staying informed and educated on the latest threats and creating a security culture throughout the organization. Financial institutions that develop and implement a proactive defense plan are much more effective at combatting cybercrime.