• Home
  • Education
  • News and Resources
  • Advocacy
  • Associate Members
  • Contact
  • Search
  • Menu Menu
News
News, Resources

Embracing a Culture of Cybersecurity

All staff needed to help mitigate risk

By Hannah Flanders

Cyberattacks are ranked as one of the top threats to banks across the country. As these threats continue to become increasingly sophisticated and prevalent throughout our communities, bankers are looking to mitigate the risk for the safety of both their institution and all customers served. As such, administrators — including members of the human resources (HR) department — have been tapped to take on a new role alongside the information technology (IT) department to protect the bank from falling victim.

Prioritizing Cybersecurity

According to Proofpoint’s State of the Phish survey, approximately 79% of U.S. organizations reported at least one successful phishing attack in 2021. As cybercrime continues to rise — costing over $1 trillion a year worldwide, as highlighted in a report by McAfee Center for Strategic and International Studies — it is critical for the success of banks across the country that they establish a culture of cybersecurity.

In the American Bankers Association’s (ABA) Banking Risk and Compliance Management Outlook for 2023, surveyed bankers identified cybersecurity and IT risk to be, overwhelmingly, the top risk priority for the 18 months ahead. With the use of online banking and digital payments skyrocketing, and employee negligence being cited as one of the top reasons banks are put at risk — Proofpoint’s survey highlights that around 27% of employees believe that their organization/IT department will take care of any mistakes. However, as the cost of cybercrime continues to become more expensive for impacted organizations each year, finding ways to educate both consumers and employees of the cyber risks they face will not only help protect information from being compromised, but save banks from contributing to the astounding losses reported by financial institutions each year.

The Federal Bureau of Investigation’s (FBI) Internet Crime Report highlights that in 2021, Wisconsin totaled over $51,800,000 in victim losses. By taking proactive steps in both their cybersecurity protocols and training, banks throughout the state will have the opportunity to save the organization, and their customers, from substantial loss.

While banks make strides to incorporate risk mitigation — such as integrating multifactor authentication (MFA), a bare minimum in preventing bad actors from gaining access to accounts with greater privileges, and following regularly updated guidance from the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System (FRB), and the Office of the Comptroller of the Currency (OCC) — into their procedures, those seeking to optimize their efforts are looking beyond their IT staff for assistance.

Team Effort

Establishing a culture that embraces cybersecurity begins from the top and requires uniting members throughout various departments. According to Marsh McLennan, a leading professional services firm in risk, strategy, and people, “a robust cybersecurity culture starts from the top of the organization and involves continuous communication and training for leaders across all key functions.” The firm highlights that, as of 2019, nearly 90% of all organizations only included InfoSec/IT, C-suite, risk management, legal, and finance professionals in the management of cyber risk.

“Cyber defense is a team endeavor, not just an IT or a management one,” emphasizes Rob Foxx, director – InfoSec and IT audit services at FIPCO. “Threats apply to all parts of an enterprise, as should defense.”

The Cybersecurity and Infrastructure Security Agency (CISA) highlights that HR professionals play an integral role in detecting, deterring, and mitigating threats by screening candidates prior to employment, managing secure information, and regularly communicating policies.

When HR professionals have a seat at the cyber risk management table, banks not only gain a risk-conscious ally, but also ensure that HR professionals throughout their organization have a strong understanding of the cyber risk policy they utilize in their own day-to-day operations. Additionally, ensuring that the HR team is abreast of the latest cyber risks and mitigation procedures is critical so that said information can be communicated with all staff members.

Playing a Part in Protection

As the U.S. financial sector continues to prioritize cybersecurity — regularly spending up to $3,000 per employee on ongoing cybersecurity education, according to the McAfee report — ensuring that every employee is making the most of their training, testing, or coaching and remains vigilant against all threats to the organization is critical for the safety and security the institution and its customers.

  • The Employee Lifecycle

Of course, HR plays a substantial role in the onboarding and offboarding process to evaluate the quality of incoming employees and ensure that all former staff are no longer granted access to confidential company data upon their departure. Furthermore, given the close ties to all staff members, HR can play an important role in clarifying policy, providing resources, and working behind the scenes to recognize and anticipate the potential information security issues, highlights the Society for Human Resource Management (SHRM).

  • Training

Although cyberattacks continue to cause headaches for businesses across the country, only 64% utilize organization-wide training, according to Proofpoint’s 2022 survey. Training, which is usually administered by the IT department or virtually, has the potential to be strengthened by HR’s involvement. In taking a human-centric approach that emphasizes how all staff members — administrative through executive leadership — play a role in the security of the institution, employee morale is heightened.

Additionally, HR can emphasize and enforce the importance of practicing good cyber habits and encouraging training from the start because of the department’s close connection to all bank staff. HR staff will also notice if staff don’t attend training, regularly fail simulated tests, or display non-compliance with cyber protocols. From there, action can be elevated beyond coaching from IT staff or managers.

“A significant amount of malware is file-less and exists only in the active memory of a computer,” highlights Foxx. “While the next generation of antivirus has the ability to detect more activity than older versions, file-less attacks are just the beginning, and these tools can now detect abnormal user, host, and network activity. Ensuring your team is on the same page is a critical component in mitigating these attacks.”

  • Coordinating Cybersecurity Requirements

In partnership with the IT department, HR should ensure that there are well-documented policies, standards, and best practices for not only averting attacks or breaches, but also for reporting attempted or successful cybercrimes. Throughout their day-to-day tasks, HR professionals are expected to adhere to the organization’s procedures and guidelines as well as communicate this information with staff. Understanding the various protocols, exploits, tools, and resources fraudsters utilize can help members of HR in assisting their staff to build confidence in mitigating a cyber risk. At the very least, Foxx adds, bankers should adhere to cyber security frameworks such as the NIST Cybersecurity Framework or ISO 27001 certifications, which assist organizations in gaining direction and highlighting areas of need.

As more aspects of our daily lives digitalize, and cybercrime and attacks become a regular and unfortunate normality across the banking industry, the need to secure sensitive data has become a widespread effort. It is critical that leaders look throughout their staff for unique perspectives and opportunities to educate. Establishing a culture of cybersecurity could be the difference between a secure and a compromised institution.

Ready to take your cybersecurity to the next step? Visit fipco.com/solutions/it-audit-security to ensure your bank is secure!

FIPCO is WBA subsidiary and Gold Associate Member.

Print 🖨
March 16, 2023/by Hannah Flanders
Tags: Cybersecurity, Human Resources, Technology
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on Pinterest
  • Share on LinkedIn
  • Share on Tumblr
  • Share on Vk
  • Share on Reddit
  • Share by Mail
https://www.wisbank.com/wp-content/uploads/2023/03/Cyber-Security-scaled.jpeg 1707 2560 Hannah Flanders https://www.wisbank.com/wp-content/uploads/2021/09/Wisconsin-Bankers-Association-logo.svg Hannah Flanders2023-03-16 08:35:142023-03-29 09:37:47Embracing a Culture of Cybersecurity
You might also like
FIPCO Serves Compliance Concierge® Customers With Software Updates
Innovation and Identity: How to Embrace Change Without Changing Who You Are
Enroll in an UnitedHealthcare Association Health Plan and Save
People sitting in row of chairs listening to speakerHuman Resources and CFO Conferences Return in 2023
Five Years In, AHP a Financial Success for Members
Identifying and Averting “Festive Fraud”
WBA Wisconsin Economic ReportTech Will Help Drive Economy in Unpredictable Year
It’s Time to Take Action in 2022

Categories

  • Advocacy
  • Community
  • Compliance
  • Credit Unions
  • Education
  • Member News
  • News
  • Products
  • Resources
  • Uncategorized

Recent Posts

  • Nelson Celebrates 30 Years at National Exchange Bank & Trust
  • Bakalars to Retire
  • PWSB Mortgage Lenders Receive the Five Star Mortgage Professional Award
  • Executive Letter: Wisconsin Supreme Court Upholds Priority of Secured Creditor Under Receivership Rules
  • Peshtigo National Bank Announces Promotions

Archives

  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • December 2020
  • November 2020
  • October 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • May 2019
  • April 2019
  • March 2019
  • November 2018
  • September 2018
  • August 2018
  • June 2018
  • April 2018
  • March 2018
  • January 2018
  • November 2017
  • October 2017
  • September 2017
  • May 2017
  • April 2017
  • December 2016
  • November 2016
  • August 2016
WBA logo
  • About
  • Community
  • Subsidiaries
  • Staff

questions@wisbank.com

608-441-1200

4721 S Biltmore Ln.
Madison, WI 53718

Get our Newsletter!
Subscribe

© 2023 Wisconsin Bankers Association. All rights reserved. | Website Design by Bizzy Bizzy
Mesura Retires From Waukesha State BankRitchay Promoted to Vice President
Scroll to top

This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.

OKLearn more×

Cookie and Privacy Settings



How we use cookies

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

Essential Website Cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Because these cookies are strictly necessary to deliver the website, refusing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.

We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.

We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.

Other external services

We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Google reCaptcha Settings:

Vimeo and Youtube video embeds:

Privacy Policy

You can read about our cookies and privacy settings in detail on our Privacy Policy Page.

Terms of Use
Accept settingsHide notification only

Subscribe

* indicates required








Membership