Pub. 18 2023 2024 Issue 3

Sharing a strong culture of cybersecurity has benefits beyond mitigating cyber risks; it builds confidence amongst your employees and customers that you have made it a priority.

Develop a Training Plan

Your customers will benefit from a training plan that includes basic cybersecurity knowledge, best practices and tips. To keep it simple, create a plan based on the same security awareness topics already shared internally, including:

• Social engineering and phishing: A good start for a training plan is to teach customers about the various social engineering attacks, giving extra attention to phishing. Introduce the idea of the Golden Rule of Email, which is to treat every email like it is a phishing attempt. Additionally, provide information about the dangers of phishing emails, explain how to identify and handle a suspicious email and suggest controls they can use to protect against this common threat.
• Physical security: Educate customers about physical security threats and best practices.
• Access controls, including passwords: Educate customers on the importance of strong authentication mechanisms. Stress the importance of length vs. complexity when it comes to passwords and encourage the implementation of multi-factor authentication (MFA) whenever possible.
• Remote access security: Educate customers on the importance of securing remote workers through the use of VPNs, wireless network best practices, quality antimalware programs, etc.
• Use of encryption: Educate customers on the importance of data encryption.
• Mobile device security: Educate customers about security controls for mobile devices, including strong passwords, biometric authentication, encryption, antimalware programs and Wi-Fi connectivity.
• Malware awareness: Educate customers about defending against malicious software.
• Importance of anti-virus and firewalls: Stress the importance of firewalls and the use of programs that detect malicious software.
• Security awareness: Stress the importance of ongoing security awareness training and staying up to date about modern attacks.
• Incident response plans: Stress the importance of corporate customers building a plan to fail well (an incident response plan) if they are compromised.

Using multiple delivery channels to provide education can help ensure your customers see it throughout the year. Delivery channels can include:

• Providing relevant cybersecurity tips, news stories and alerts on your website
• Incorporating cybersecurity tips into your on-hold message when customers call your business or on physical statements or invoices
• Including a monthly tip in your newsletter or social media accounts to keep cybersecurity top-of-mind
• Encouraging your customers and employees to follow your organization or other cybersecurity organizations on social media
• Placing posters, articles or other educational materials in the entryway, break room, bathroom or other meeting areas
• Providing cybersecurity resources, control suggestions or self-audits during account opening
• Hosting an event, such as:
  ▪ For business customers, plan a lunch and learn event focusing on the latest cybersecurity tips and trends.
  ▪ For the community, host a cybersecurity awareness day for community members to shred sensitive

In today’s market, with cybersecurity being a deciding factor for consumers when making choices, being transparent and forthcoming about your cybersecurity practices and culture can build customer trust and attract new clients.

Nebraska Banker