Online Banking Security: Are You Investing in Awareness
How many of these terms can you define? Botnets. Cache Poisoning. Logic Bombs. Malware. Phishing. Spyware. Super Zapping. Zombies.
If your job is managing rate spreads and loan risks, you may think that these terms sound like they come from the script of a James Bond movie. But if you've been paying attention to the advisories coming from regulatory agencies and the reporting in the trade press about the increasing amount and type of financial cybercrimes, you've likely heard several of these terms, and others like them.
Estimates of the losses from global cybercrime are in the hundreds of billions of dollars. Hackers aren't just after the big targets. Increasing numbers of community and regional institutions, and their business banking customers, have been victims to an array of malicious attacks.
The good news is that neither financial institutions nor their business banking customers need to be experts in cyber crime and cyber security to be effective in guarding against these threats. Basic training on risks and mitigation techniques can be highly effective.
Most financial institutions are aware of the most recent FFIEC Guidance on online banking security, and have taken steps to implement risk assessments, layered security controls, and a variety of security solutions to support compliance. One area of the guidance that has received less attention is that the FFIEC requires financial institutions to increase customer awareness and education efforts about online security.
Estimates of the losses from global cybercrime are in the hundreds of billions of dollars.
As a security professional, one of issues that I find most tragic, and all too common, is when an unsuspecting user makes an avoidable mistake. A prepared and educated end user – both customers and employees – are the last line of defense against cybercrime. When they got the phishing email, did they ask themselves, "Was I expecting this communication?" Did they check the email for a suspicious looking URL? There are a number of simple steps that a prepared user can take to prevent their business or institution from becoming a victim.
In fact, educating end-users is one of the most cost-effective ways to prevent cyber fraud. It has a dual benefit, in that it instills trust that their financial institution takes security seriously and is investing in training to help them become safer consumers of online financial services.
Free Tool for Fiserv Clients: Security Awareness for Online Banking Users
Fiserv has eliminated two of the commonly-cited obstacles to such training – time and money – by developing "Online Business Banking Security Awareness," a series of valuable training courses for our client financial institutions and their business banking customers.
These training courses, which are provided to clients on a complimentary basis, help institutions educate their business customers on secure online environments. Implementation of these courses assists insitutions with complying to FFIEC guidance related to increasing customer awareness about online security issues.
The series features three courses: The Risk Background and Threat Landscape, Risk Management and Reduction, and Managing a Negative Event. The training is delivered via an online learning management system. It takes approximately 45 minutes to complete all three courses.
Institutions and their business customers who participate in this training gain access to information that will help them to improve online transaction security and reduce the likelihood of online banking and ACH fraud.
For additional information on "Security Awareness for Online Banking Users," Fiserv clients can view the recorded webinar on the Boardroom Series or contact their account representative.