Author: Chad Knutson, SBS CyberSecurity
Financial Institutions today face many cybersecurity risks. Creating a cybersecurity culture is key to alleviating the risks at your organization. Here are some tips to create a culture of passion for cybersecurity:
- Implement from the top down. Senior management must set the tone for employees to follow suit.
- Make cybersecurity everyone’s job. Whether you’re a teller, loan officer or president, encourage all employees to be vigilant with cybersecurity.
- Communicate regularly. Send monthly emails to employees with cybersecurity tips. Make the tips relatable to your financial institution.
- Train frequently. Conduct cybersecurity training more regularly than once a year.
One of the largest risks for financial institutions is phishing. According to Verizon’s Data Breach Investigations Report, 90% of data breaches that have occurred involve phishing at some level. Set your organization up for success with these tips:
- Create a safe harbor. In a positive culture, employees will report phishing attempts and failures.
- Reward employees for successfully reporting phishing emails. Some organizations tie bonus structures to how well employees perform during phishing tests. Other rewards could include extra PTO days or company promotional product giveaways. Public recognition of their efforts is also a proven motivator.
- Create consequences for those who fall for phishing attempts. If employees fail, require more training.
- Consider an automated phishing solution that sends phishing emails to your staff so you can identify who needs additional training.
Don’t fall victim to cyberattacks. Take five minutes to view my video blog to learn more about creating a cybersecurity culture at your organization.
Chad Knutson is a co-founder and Senior Information Security Consultant for SBS CyberSecurity, a premier cyber security consulting and audit firm dedicated to making a positive impact on the banking and financial services industry. Chad has also served as President of the SBS Institute since 2013. Chad maintains his CISSP, CISA, and CRISC certifications, and received his Bachelor of Science in Computer Information Systems and his Master of Science in Information Assurance from Dakota State University.
- Whitepaper: Why Cybersecurity Should be a Top Priority for Your Financial Institution
- Infographic: Phishing: The Rising Threat to Business
- Infographic: Protect Against Phishing Attacks: A Prevention Checklist
- Datasheet: Cyber and Information Security Solutions