October marked the 20th anniversary of National Cybersecurity Awareness Month (NCSAM), an initiative established by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security. NCSAM aims to provide professionals with online safety education and awareness to keep up with the constantly evolving cyber threat landscape.

Although NCSAM serves as an excellent reminder to prioritize cybersecurity awareness, it’s crucial to continue educating individuals throughout the year to achieve full effectiveness. Educating both your employees and customers supports a strong cybersecurity culture. This will help establish trust that your organization takes cybersecurity seriously and is dedicated to doing what’s best for everyone involved.

The Importance of Customer Education

Due to IT and cybersecurity-related regulations, financial institutions use security standards to detect, protect and respond to cyber events. But are you sharing this information with the customers you serve who are not as regulated?

Many organizations tend to overlook the potential risks posed by their customers. Poor cybersecurity practices of customers can result in a compromise that affects your bank. A malicious attacker successfully accessing your customer’s information can set them up for a corporate account takeover (CATO) scenario. Customer compromise is tough to combat and can often lead to reputational and monetary damage to your business.

Sharing a strong culture of cybersecurity has benefits beyond mitigating cyber risks; it builds confidence amongst your employees and customers that you have made it a priority.

Develop a Training Plan

Your customers will benefit from a training plan that includes basic cybersecurity knowledge, best practices and tips. To keep it simple, create a plan based on the same security awareness topics already shared internally, including:

• Social engineering and phishing: A good start for a training plan is to teach customers about the various social engineering attacks, giving extra attention to phishing. Introduce the idea of the Golden Rule of Email, which is to treat every email like it is a phishing attempt. Additionally, provide information about the dangers of phishing emails, explain how to identify and handle a suspicious email and suggest controls they can use to protect against this common threat.
• Physical security: Educate customers about physical security threats and best practices.
• Access controls, including passwords: Educate customers on the importance of strong authentication mechanisms. Stress the importance of length vs. complexity when it comes to passwords and encourage the implementation of multi-factor authentication (MFA) whenever possible.
• Remote access security: Educate customers on the importance of securing remote workers through the use of VPNs, wireless network best practices, quality anti-malware programs, etc.
• Use of encryption: Educate customers on the importance of data encryption.
• Mobile device security: Educate customers about security controls for mobile devices, including strong passwords, biometric authentication, encryption, anti-malware programs and Wi-Fi connectivity.
• Malware awareness: Educate customers about defending against malicious software.
• Importance of anti-virus and firewalls: Stress the importance of firewalls and the use of malicious program detection programs.
• Security awareness: Stress the importance of ongoing security awareness training and staying up to date about modern attacks.
• Incident response plans: Stress the importance of corporate customers building a plan to fail well (an incident response plan) if they are compromised.

Using multiple delivery channels to provide education can help ensure your customers see it throughout the year. Delivery channels can include:

• Providing relevant cybersecurity tips, news stories and alerts on your website
• Incorporating cybersecurity tips into your on-hold message when customers call your business or on physical statements or invoices
• Including a monthly tip in your newsletter or social media accounts to keep cybersecurity top-of-mind
• Encouraging your customers and employees to follow your organization or other cybersecurity organizations on social media
• Placing posters, articles or other educational materials in the entryway, break room, bathroom or other meeting areas
• Providing cybersecurity resources, control suggestions or self-audits during account opening
• Hosting an event, such as:
  • For business customers, plan a lunch and learn event focusing on the latest cybersecurity tips and trends.
  • For the community, host a cybersecurity awareness day for community members to shred sensitive documents, listen to short presentations and play cyber-themed games or trivia.
  • For your board, have a guest speaker discuss the trends they are witnessing and the risks associated with generating increased buy-in.

Sharing a Strong Cybersecurity Culture

Getting out in front of your customers and talking about the importance of cybersecurity is a win/win/win:

1. You are helping to create stronger customers that are more resistant to cyberattacks, benefiting both you and your customer.
2. You show your customers they are more than just a number. You’re strengthening relationships and demonstrating care about their well-being.
3. You have an opportunity to showcase new products, services or features and boost the usage of current offerings.

Discussing cybersecurity with your customers allows you to highlight the measures your organization is taking to safeguard their information. In today’s market, with cybersecurity being a deciding factor for consumers when making choices, being transparent and forthcoming about your cybersecurity practices and culture can build customer trust and attract new clients.

SBS aims to simplify the process of educating your customers, board and community about cyber safety throughout the year. The Security Awareness Toolkit provides a comprehensive range of grab-and-go resources, including cyber tips, social media posts with graphics, event ideas and more. This toolkit makes it easy to demonstrate your dedication to sharing a strong cybersecurity culture.

To get your Security Awareness Toolkit, visit sbscyber.com.

Eric Chase is an Information Security Consultant at SBS CyberSecurity (SBS) and an instructor for the SBS Institute, leading the Certified TRAC Professional (CTP) course. Eric received a Bachelor of Science in Computer Network Security from Dakota State University(DSU). He continued his education at DSU with a Master of Science in Information Assurance. He is currently working toward his Certified Information Security Manager (CISM) certification. Eric is passionate about assisting clients to become skilled and knowledgeable TRAC users and enjoys assisting them with their Information Security Program.