Finally, out of those three processes, people are the weakest link. It’s much easier to convince a human being to provide the information they’ve been trained (or asked) not to share than it is to convince a firewall, whose only job is to follow a programmed set of instructions, to break the rules it has been built to follow. Knowing that your people are your greatest weakness means you should test this area of your organization MOST frequently, not least frequently.

Start at the Top

To truly ensure your organization is on-board in changing your view of cybersecurity to align more with a technology company, the message must be consistently portrayed from the top down. Cybersecurity conversations between employees, the steering committee, and the Board of Directors need to happen regularly, not just once yearly. The integrity and availability of technology and data pose a much greater risk to your organization than nearly anything else, including a bad loan. A data breach, loss of customer data, or significant electronic banking downtime could cause irreparable damage to a community bank whose reputation is its most important asset.

Starting at the top means sharing the technology-focused message and vision with the whole organization, then backing up the message with appropriate investment into the technology and resources needed, including the roles and responsibilities of the staff. A shift from treating technology as an expense to a critical business function means aligning your actions with your message.

For more information, contact Robb Nielsen at 605-251-7375 or robb.nielsen@sbscyber.com. SBS helps business leaders identify and understand cybersecurity risks to make more informed and proactive business decisions. Learn more at sbscyber.com.

Training and education of not only your employees but also your customers is another critical component to building a cybersecurity culture. It shows everyone that you mean what you say and that you’re committed to doing what’s best for your employees and customers.

On top of training, holding your people accountable for their actions is also essential. If you are testing your people’s cybersecurity awareness with regular phishing email tests, accountability must be built into the process for it to be effective. Phishing is the #1 attack vector used to compromise your network and steal customer information. Allowing employees to fail phishing assessments by clicking on links repeatedly sends a very loud message to the organization that cybersecurity doesn’t matter. The same goes for testing your employees but not your senior management or Directors. Everyone should be on an even playing field when it comes to testing. Attackers don’t discriminate between employees and Directors.

Changing Your View

By thinking of your organization as a technology company and acting accordingly, you will change your perspective on how you protect your networks and customer information and set yourself up for success in the future. Realizing that your organization’s very existence depends on the technology you deploy via the internet to serve your customers, your focus will shift from “it’s a necessary evil and an expense” to “we need to do our best to protect our networks and customer information because our very existence depends on it.” Once you make that shift and invest in cybersecurity, you dramatically reduce the likelihood of a cybersecurity attack that could close your business. Change your mentality today!

When it comes to IT or cybersecurity risk assessment, the output should provide you with a clear understanding of what you have and how important that stuff is, how risky your stuff is, and where you should spend your next information security dollar to mitigate additional risk.

NEBRASKA BANKERS ASSOCIATION 21