Technology Archives - Wisconsin Bankers Association

Posts

Safe Internet Browsing Tips to Keep Your Bank Secure Online

By Alex Hinsch, Technical Account Manager, Locknet Managed IT, A WBA Associate Member

Community banks in the Midwest are increasingly targeted by cybercriminals due to their limited IT resources, making them vulnerable to phishing attacks, malware, and data breaches. Implementing secure web browsing practices across the workforce can be one effective tool to help protect your organization. Below are essential tips to safeguard your organization from cyber threats.

Understanding Secure Web Browsing

Secure web browsing involves practices that protect corporate information, privacy, and data from cyber threats like phishing scams, malware, and data breaches. By adopting these strategies, community banks can mitigate risks and ensure a safer online environment for their operations.

Top Ten Safe Internet Browsing Tips for Community Banks

1. Implement a secure web gateway: Secure web gateways filter malicious websites, prevent access to dangerous content, and block malware, serving as the first line of defense against online threats.
2. Educate employees on phishing and social engineering: Regular cybersecurity awareness training can help employees identify suspicious emails, avoid clicking on unknown links, and verify website authenticity before entering credentials.
3. Enforce strong password policies and Multi-Factor Authentication (MFA): Use strong, unique passwords for each online account and enable multi-factor authentication (MFA) for all business accounts to add an extra layer of security.
4. Use secure and updated browsers: Ensure that all company devices use the most secure internet browsers with automatic updates enabled. Opt for browsers with built-in security features and options to block suspicious websites.
5. Restrict access to risky websites: Implement content filtering policies that restrict employee access to high-risk websites, including those associated with gambling, adult content, and pirated software.
6. Deploy endpoint security and antivirus software: Equip all company devices with reputable antivirus software that includes real-time scanning, web protection, and automatic updates to detect and block cyber threats.
7. Encourage the use of Virtual Private Networks (VPNs): For remote employees or those working from public Wi-Fi networks, use a company-approved VPN to encrypt internet traffic and prevent hackers from intercepting sensitive data.
8. Limit administrative privileges: Grant administrative access only to essential personnel to minimize the risk of malware installation and unauthorized changes to security settings.
9. Monitor and log web activity: Regularly monitoring employee web activity can help identify potential security risks. Use web filtering solutions and endpoint security platforms to track internet usage and detect suspicious behavior.
10. Establish a clear internet usage policy: A well-defined internet usage policy sets expectations for employees regarding safe web browsing habits, outlining guidelines on acceptable website usage, prohibited activities, and consequences of violating security protocols.

Final Thoughts on Secure Web Browsing

Implementing these safe internet browsing tips can significantly reduce the risk of cyberattacks. Prioritizing secure web browsing protocols, employee education, and proactive security measures can go a long way in protecting your bank. Foster a culture of cybersecurity awareness to create a safer digital environment for employees and customers alike.

May 21, 2025/by Katie Reiser

News

AI Governance

By Rob Foxx

In the past few years, our world has turned a corner with new trends in technology. Unless you have been living a simpler and happier life than the rest of us you have either had an encounter with or conversation about Artificial Intelligence (AI). There has been a lot of talk and speculation about what that means for the work force. Will it replace traditional workers? Will it bring about the end of all things? Or something in the middle? Knowing the extent of its capabilities is important to its implementation. More importantly, how will we manage, limit, and protect ourselves from AI and its implementation? One of the best ways to answer these questions is with AI Governance.

AI is a wonderful tool. It is capable of completing work in just seconds that would normally take humans hours or days. AI can draft legal documents, policies, emails, and so much more ranging from the extraordinary to the mundane. This is not to say you can remove your work force. You could ask AI to explain how to perform a heart transplant in detail as if it were explaining it to someone with a 3rd grade education, and it will. Does that mean you should perform said heart surgery? Consider if it is something you could not do without AI, it’s something you should not do with AI.

Advanced AI already exists in the workplace and if it is not there it will be shortly. Windows 11 comes with copilot by default, and unless you disable it, copilot will be both accessible and collecting data in the background. Nextgen antivirus suites run on AI. Chat GPT and other AI engines are accessible from a web browser. Keep in mind these technologies are higher risk and lower maturity than your typical application.

How do you know who or what to trust? A good perspective to consider is if you are not buying goods or services then you likely are the goods being purchased. Your vendor provided services will usually specify items in the contract that should be things considered when risk assessing. These contracts should be reviewed with AI and privacy as a consideration. What data is collected? How will it be used? Will it use personally identifiable information? Will it gather critical or sensitive business data? It is even possible it will do this unintentionally? Another consideration is how AI is trained. AI is given data to train and learn from, but raw data may have a bias. AI, like anything else, can be inaccurate or even wildly wrong if it has too much or not enough information. AI can make a guess; this has been referred to as AI hallucinations.

For good management of AI consider restricting use of company approved tools. Always classify and protect your internal data. Know your risk and what you will accept. Define as an organization the proper use of AI tools. Allow for reporting of suspicious activity. Communicate your stances as an organization to your employees.

Foxx is director – infosec and IT audit services for FIPCO, a WBA Gold Associate Member.

January 16, 2025/by Katie Reiser

News

Was the CrowdStrike Incident a Fluke or the Beginning of a Trend?

By Rob Foxx

On July 19, 2024, CrowdStrike pushed out an update to their customer base that disabled an estimated 8.5 million computer systems across the world. This not only damaged their reputation, but it also sent fear and uncertainty into those businesses that utilize IT services. This single event cost about $5.5 billion in damages and business loss.

The real question is who can be affected by an event like this. The short answer is anyone who uses any products or services that can affect the system files of a computer. This includes Microsoft Windows automated updates, antivirus, remote configuration tools, and many others. For those who are not familiar with the previously mentioned list you have several of these on any given business computer.

So why do we not hear about events like this more often? The reality of the situation is these events happen every day. Windows updates pushed out by a managed service provider that removes all network drivers, thus disabling the connection to the login service rendering a computer useless, was my personal CrowdStrike. This happened several times over the course of a month, anti-virus similar to CrowdStrike that disables use of business-critical software or core access. An update to Windows that prevents backup software from running correctly. These have all happened. Most people have never heard of these events as they did not have a worldwide impact or cost billions of dollars in losses. CrowdStrike made news because of their wide adoption as they offer a service only a handful of other companies do.

So how do I protect my organization? The only 100% means of protecting your computer environment is to power it down, unplug it, and bury it in concrete. Business, however, runs on acceptable risk, so let us look at what could help lower your risk and impact. During the course of onboarding or reviewing a vendor for contract renewal, you can verify or request that they add in testing criteria before sending out updates. Comparing vendor services with an RFP (Request for proposal) can identify whether a service fits your needs. Several similar companies allow for the designation of a test group which includes a sampling of computers across your organization. This group should fill all the key roles to running your enterprise and test for a week or more before the updates are pushed to the rest. Perhaps one of the best means to protect yourself is to have knowledgeable IT on staff or as an on-call vendor. The fix to restore CrowdStrike would take per computer less than 10 minutes at a keyboard. A little longer if the computer has BitLocker or other similar protections in place. A good recovery plan and continuity for running on alternate systems can also save quite a bit of recovery time.

I do believe there will be more events like the CrowdStrike outage, especially given how large some services grow to global offerings. I believe vendors will be more cautious in their products. Will you be more cautious in your implementations?

Foxx is director – infosec and IT audit services for FIPCO, a WBA Gold Associate Member.

October 22, 2024/by Katie Reiser

Member News, News, Resources

How the Right IT Managed Security Services Provider Can Help You Optimize and Grow

Sponsored content by Wipfli, a WBA Silver Associate Member

By Tom Wojcinski and Jeff Olejnik

IT Managed security services are vital in helping financial institutions oversee IT operations and compliance — but the right provider can take that role further.

IT Managed security services that bring increased capability and industry specialization can go from managing your IT infrastructure to modernizing it, acting as a strategic partner in identifying the solutions you need to optimize workflows and enhance the customer experience. And it can help you understand the latest updates to the cyberthreat landscape and regulatory priorities so your operations stay secure and compliant.

When you’re working with the right provider, you’re not just getting support for your servers — you’re getting support for your business.

Here are four ways IT managed security services can help you hand off operational tasks and grow your institution:

1. Modernizing your IT infrastructure

To implement the latest solutions, increase productivity and better reach customers, you need the right infrastructure. IT services can be a valuable source of insights into how your organization can create a modern workplace environment.

The right provider can help you update your IT infrastructure by switching out legacy systems and implementing cloud infrastructure — including helping you address the resulting security concerns.

Software as service (SaaS) platforms come with built-in security features, but they often leave you responsible for establishing things like permissions and access control. Your provider can help you build security strategies for cloud services and integrate new solutions with your core banking system.

2. Meeting customer needs

Customers expect services to be faster and more accessible across industries. If your financial institution wants to stay competitive, it needs to evolve the customer experience.

Managed services can help by taking on a more strategic role, providing guidance on an IT road map that supports technologies to help you:

Use dashboards to track key customer metrics.

Create a better omnichannel experience.

Use customer data to effectively cross-sell and increase wallet share.

Partnering with an effective provider can help you better strategize on how your institution can improve workflows and productivity so that you can deliver the experience your customers expect.

3. Enhancing your cybersecurity

Cyberattacks continue to increase in frequency and severity. Your IT managed security services should be helping your institution keep pace with support for:

Being proactive: In addition to addressing server performance issues, your provider should be proactively looking for indicators of compromise. They should employ 24/7 monitoring that can quickly identify and research any anomalies so that potential compromises can be solved before they escalate.

Staying updated: As AI continues to increase the frequency and sophistication of cyberattacks, your provider should not only be helping your institution enhance data protection but also adapting its own capabilities. An effective provider has the tools, infrastructure and threat detection in place to help them identify indicators of compromise faster, such as advanced endpoint detection and response and AI-powered threat correlation.

Meeting regulatory expectations: managed IT support with industry specialization can help ensure your institution meets key regulatory priorities in areas including ransomware, operational resilience and incident response. For example, it’s crucial that financial institutions use a provider that can retain security event logs if an incident does occur.

4. Providing crucial talent

For most institutions, establishing 24/7 security operations in-house is neither cost-effective nor viable.

Employing enough staff to provide that level of support requires substantial resources. And attracting and retaining staff can be equally challenging, given the current labor shortages and the relative lack of complexity and challenge financial institutions provide for these roles.

Outsourcing these positions with managed services provides you with the necessary staff and infrastructure without the cost of hiring. They can also help guide your institution’s data security at the executive level with fractional or virtual CISO services.

How Wipfli can help

Wipfli’s managed services go beyond IT operations and compliance to help your financial institution evolve. With industry specialization and deep cybersecurity capability, we can provide your institution with the solutions and strategy it needs to optimize operations and further its growth. We can also work alongside your current provider to augment your existing support.

September 18, 2024/by Katie Reiser

Member News, Resources

Association Update: WBA Associate Members Support Bankers Across Wisconsin

By Daryll Lund

Every year, the banking industry becomes increasingly competitive and with new trends, technology, and specialized services emerging at rapid speeds, there is no way for one single business to do it all. The Wisconsin Bankers Association is pleased to offer WBA bank members access to the over 150 vetted, dedicated companies that make up the Association’s Associate Member program.

Made up of a broad spectrum of third-party providers from around the country, WBA’s Associate Members program features companies that specialize in specific products and services related to banks. In forming strong partnerships with third-party vendors, many WBA members have found great benefit directly impacting their bank’s growth to the satisfaction of their customers.

Furthermore, Associate Member companies serve as valuable partners of the Association. From sharing their expertise through resources published in our publications to presenting on hot topics at WBA events, our Associate Members help us create meaningful, relevant content that informs bankers throughout Wisconsin. WBA’s Associate Member program offers just the place for banks to locate whatever niche expertise and product specialization they need to stay ahead in our continuously evolving industry. WBA stands ready to identify companies that seek to assist Wisconsin’s banking industry and connect banks with the vendor(s) that will meet their needs.

To learn more about WBA’s Associate Member program and how your bank can make the most of the resources available, please visit wisbank.com/Associates or contact Nick Loppnow, director – associate membership and business development, at nloppnow@wisbank.com.

March 27, 2024/by Hannah Flanders

News, Resources

The Evolution of Cyberthreats: Preparing for AI-Powered Attacks

By Brett Gilsinger

The latest arsenal of tools that cybercriminals will harness for their illicit activities is increasingly being powered by artificial intelligence (AI). The transition to AI-driven cybercrime is already underway. Traditionally, cybercriminals have relied on a plethora of tools acquired from the dark web to penetrate their targets. These off-the-shelf tools have allowed cybercriminals to gather the information they need effortlessly. Instead of developing code specifically for a target, attackers have been able to purchase these tools through underground networks and dark web marketplaces. Such tools permit them to tailor malware or compile exploits from pre-packaged kits. As long as profits continue to soar, the underground market for cybercrime services thrives, fueled by robust demand for illicit tools and the ongoing supply by clandestine developers.

This underground ecosystem has been operating for years and shows no signs of diminishing. Yet, with the advent of highly sophisticated large language models such as ChatGPT, the tools available to wrongdoers are transforming. GPT stands for “Generative Pre-trained Transformer.” It is an artificial intelligence model designed to generate text by predicting subsequent words in a sentence based on the preceding words. This technology, developed by OpenAI, uses deep learning algorithms and a large amount of data to understand and generate human-like text. We are witnessing the emergence of unregulated AI models like FraudGPT and WormGPT. These models function without the ethical constraints usually imposed on publicly available versions like ChatGPT. Offered via subscription services in the more obscure regions of the internet, they harness stolen or open-source training datasets to power private GPT systems that assist cybercriminals indiscriminately, completely disregarding the legality or ethics of their facilitation.

Reports indicate that some of these emerging systems possess the alarming capability to generate undetectable malware. They can orchestrate comprehensive phishing operations, crafting the deceitful messages and the code for the malicious landing pages designed to harvest credentials. With such technology at their disposal, the scope of advanced criminal activities is limited only by the perpetrator’s creativity — or perhaps not even that, should the AI itself suggest ways to refine their malicious endeavors.

Facing these sophisticated threats, institutions and individuals must remain vigilant and proactive in safeguarding their operations and personal information. While these advancements pose a significant concern for the security of our data in the era of AI, there are measures that can be taken to protect your institution from these threats. Almost all of these attacks rely on human error to grant bad actors access to your environment. Regular training and awareness programs are the first line of defense. Employees should be consistently educated on the most recent cyber threats and the critical nature of security best practices to avoid successful phishing and social engineering attacks.

Beyond improved training programs, hardening your processes and technology can establish a more secure infrastructure. Implementing multi-factor authentication (MFA) and biometrics for identity verification and performing routine internal security audits to ensure all systems are current and free of vulnerabilities are essential steps. Opting for the right technology security solutions, such as Managed Detection and Response (MDR), can automate the threat identification process and significantly diminish the likelihood of breaches.

By focusing on people, process, and technology, institutions can construct a formidable defense against the complex realm of AI-enabled cybercrime, thereby securing their assets and maintaining the confidence of their clientele. Moving forward, institutions will need to focus on evolving their security solutions to stay ahead of the quickly changing threat landscape.

Gilsinger is executive vice president – CTO of IT Resource, a WBA Associate Member.

About IT Resource

IT Resource provides technology solutions to streamline IT environments, enhance productivity, and lower costs. And now we are excited to announce that IT Resource is evolving into Endeavor IT! While maintaining the same dedicated team, ownership, and management, we’re expanding our already exceptional services to offer a broader range of IT solutions with offices spanning across the North, Midwest, and South. Curious to explore further? Check out endeavorit.com.

December 5, 2023/by Hannah Flanders

Advocacy, Education, News

From the Fields: Recap From the 2023 ABA Agricultural Bankers Conference

By Chris Schneider

This November, about a dozen ag bankers from Wisconsin and I made the trek to Oklahoma City for the 71st annual American Bankers Association (ABA) Agricultural Bankers Conference. This year, the number one message was getting the ACRE Act through Congress to help the American farmer. This act, which would create a tax exemption on ag loans and rural home mortgages, will aid in saving approximately $1.15 billion in ag loan interest and will reach 17,000 local communities across the country.

In attendance at this year’s event was Congressman Glenn “GT” Thompson (R–PA), who chairs the House Committee on Agriculture. During his opening session, GT offered updates on agricultural policies including the Farm Bill and shared what bankers need to know going into 2024. My impression of him was that he is committed to helping the American farmer and local communities.

Interest rate discussion was no surprise due to the past 12 months of increases. While many were questioning whether we will see it rise more, stay stable, or flatten out some, we will have to see if — as usual — the election year brings with it some softening of rates. I’m not sure if we will see the low rates of past years again in future.

Representatives from the ABA and Farmer Mac shared with attendees the results of the 2023 ABA/Farmer Mac Agricultural Bankers Survey. A few of the top and notable themes from this past year have been interest rate volatility, lender competition, credit quality, increased regulator burden, and weak loan demand.

In just the first day of the conference, attendees gained insight into food spending trends (a shocking 51% is spent on food outside of the house), student loan debt, legal cannabis, and more. Throughout the rest of the event, topics including new technologies and artificial intelligence (AI) and ESG trends and the sustainability especially the ag community. To me, the greatest take away from this year’s event was that in order to have successful farmers, ag bankers should be prepared to aid them in strengthening their ag IQ. By understanding the cost of production, strengthening their balance sheet, developing a marketing plan, and utilizing technology to set next level, we can help our clients do all the little things even better.

Schneider is vice president – senior ag banking officer at Nicolet National Bank in Manitowoc. Schneider also serves as Past Chair of the 2023–2024 WBA Agricultural Bankers Section Board of Directors.

November 28, 2023/by Hannah Flanders

Businesswoman with smartphone using application

News, Products

The Rise of Instant Payments

The Federal Reserve Launches FedNow® Service

By Hannah Flanders

In 2022, research by the Pew Research Center found that over 75% of U.S. adults have utilized PayPal, Venmo, Zelle, or Cash App at least once to send and receive payments. Of these users, ease is cited as the main reason for their adoption.

As banks look to further engage their customers, remain competitive in a quickly advancing society, and provide a safe and trusted alternative to popular payment apps, the Federal Reserve has launched its long-awaited FedNow instant payment service.

What is FedNow?

Launched in July 2023, FedNow allows financial institutions of all sizes to provide safe and efficient instant payment services to customers nationwide. Already, over 100 financial institutions across the U.S. have begun offering FedNow to customers. Of these institutions, First Citizens State Bank in Whitewater is currently one of the few in Wisconsin.

“As early adopters of the service, our team believes that FedNow, and other real-time payment systems, are the future of payments,” states Nate Parrish, First Citizens State Bank president. “We want to ensure our bank is on the cutting edge and not left behind when this technology really takes off.”

The release of the FedNow Service includes baseline functionality including core clearing and settlement capabilities. Currently, FedNow not only facilitates the peerto- peer (P2P) functionalities many customers are familiar with, but also has the capabilities to facilitate payments between businesses or between businesses and consumers. Further developments are expected to launch in phases as industry demand evolves.

FedNow, however, is not the first service to provide real-time payments to banks. In 2017, The Clearing House launched its Real Time Payments® (RTP) service to all federally insured U.S. depository institutions. As of mid-2023, over 350 banks and credit unions were listed as participants in RTP.

With several banks in Wisconsin signed on as RTP participants, the most significant difference bankers will notice with FedNow is the development of a new rail. The rail, which runs concurrent to already existing credit card and Automated Clearing House (ACH) payment rails, is overseen by the Federal Reserve Bank. Additionally, beginning in 2024, certified institutions will pay a monthly participation fee of $25. On the customer end, varying transaction limits (only $500,000 for Fed- Now) and clearing times occurring in just a matter of seconds may be the most obvious difference.

“‘Instant’ is the next modernization of ‘faster’ in the payments landscape,” says Julie Redfern, chief banking officer at Lake Ridge Bank in Monona. “Services such as Fedwire and FedACH, which are only available during certain windows, will always have a place. Fed- Now is the next step in remaining competitive and providing our customers the services they expect.”

For banks in deposit-gathering mode, the implementation of Fed- Now will help increase cash flow by allowing customers to move funds directly from one bank account to another, rather than storing funds within third-party apps. These capabilities to move money instantly can be found on the certified bank’s website or mobile app.

Getting Started

Unlike previous real-time systems, FedNow is generally seen as more accessible to mid-size and smaller banks. In this, smaller banks utilizing FedNow will now have the ability to access real-time payments without having to pay their larger competitors for the service.

Both First Citizens State Bank and Lake Ridge Bank, which is currently in the implementation process, are connecting to FedNow’s receiving rail (i.e., the bank cannot initiate customer payments) via integration of their core system. However, participation in the FedNow service is flexible, meaning that banks may opt to both send and receive payments, support liquidity management transfers, or access settlement services between correspondents and respondents. Additionally, banks may also choose to connect to the rail network through partnership with a FinTech company.

“FedNow has been slow out of the gate mainly due to bottlenecking on the core’s end,” says Redfern. “If an institution is considering going through a Fin- Tech, it’s important to make sure that they are already Fed approved rather than having to face additional delays.”

Parrish also emphasized the importance of getting ahead of the instant payment movement. “Especially with core providers being slow to adopt the idea of instantaneous movement, it may take several years for interested institutions to get on the rail. Even if 900 institutions are able to join in the next year, it could still take another nine or 10 years before FedNow is fully implemented across the country.”

To begin the process of implementation, banks are encouraged to consider their overarching payments plan and examine their operating processes to determine if the institution has the capabilities to support real-time payments. This process may require meeting with third party service providers or enhancing in-house technology.

From there, banks must undergo onboarding and testing. Certification, according to the Fed, is the final stage which entails the completion of an operational readiness test and network experience checklist. The Independent Community Bankers of America (ICBA) has emphasized that this process is not meant to be difficult, but rather to ensure that institutions are prepared to support instant payments.

The Future of FedNow

With just over 100 providers across the U.S. connected to FedNow’s rail as of October 2023, the main issue currently certified institutions are facing is the lack of transactions.

“Aside from conducting P2P payments, many customers are not entirely aware of the possibilities of FedNow,” says Parrish. “As bankers, it is our role to help inform our customers and small business clients of the possibilities of instant payments. From payroll to recurring bill payments or emergency disbursements, the ability to immediately move money will impact the way many operate.”

Though the Fed expects usage to increase as more institutions go live, banks that have incorporated FedNow into their payment offerings play an important role in emphasizing the key use cases and sharing with customers the possibilities of real-time payments.

Parrish also adds that the prospect of conducting Government-to- Consumer (G2C), Customer-to-Government (C2G), and Business-to-Government (B2G) payments on FedNow to be a significant factor as to why banks should become participants. Already, the U.S. Department of the Treasury’s Bureau of the Fiscal Service is ready with instant payment capabilities via FedNow.

Of course, as fraud continues to evolve, especially as increasingly more services become digitalized, risk mitigation and security is a significant consideration for many banks. While many theorize that the use of FedNow’s instant payment service will significantly cut down the number of uninsured, fraudulent payments that occur on third party apps as well as reduce check fraud scams across the country, it is vital that participating institutions have up-to-date strategies and procedures to mitigate risk.

Through FedNow, key risk management and information security solutions, such as accepting payments without posting, the ability to request more information from the sending or receiving institution, data encryption and tokenization, as well as several authentication and authorization measures, are available to participants. These tools, too, are expected to evolve and expand as the service grows. However, as the first line of defense against fraud, the Fed emphasizes that all participating institutions ensure that their overall fraud management strategy is consistent with the evolving payments landscape, communicated with vendors and customers, and regularly reviewed.

As ‘instant’ becomes the status quo for payments, FedNow can help drive commerce in new sectors, increase cash flow throughout communities, and offer financial institutions of all sizes innovative solutions to meeting the ever-evolving expectations of customers. To learn more about FedNow, and what its services may offer your bank and its customers, please visit frbservices.org/financial-services/fednow.

November 7, 2023/by Hannah Flanders

Network of lines and dots marked with numbers and locks

News, Products, Resources

Executive Letter: Protecting Your Bank from a Cyberattack

By Rose Oswald Poels

Cyberattacks are becoming an increasingly alarming trend and it is vital that bankers in Wisconsin remain vigilant in safeguarding their institutions and the personal financial information of their customers. In 2022, global cyberattacks increased by 38% when compared to the year prior, notes a study conducted by Check Point Research. These attacks, which target both individuals and businesses worldwide, include phishing, ransomware, breaches, and vulnerability exploitation. Each year, cybercrime costs the U.S. economy billions of dollars.

Despite this, there are many ways in which banks are able to mitigate these risks if an attack occurs.

Continually monitoring, updating, and testing your systems are all key to ensuring that your people and environments are not vulnerable. In an ever-changing digital and banking world, it may be difficult to know what areas need to be addressed, but it does not have to be. As always, WBA and its subsidiaries — FIPCO and Midwest Bankers Insurance Services (MBIS) — offer many different resources for banks to help educate your employees, protect your systems, and partner with you during a cyber event.

To proactively identify vulnerabilities of critical aspects of business operation, FIPCO offers an IT Audit & Security service. This service, which includes various tests, audits, and resources, keeps your institution one step ahead to mitigate high-risk areas before it is too late.

Right behind robust firewalls, up-to-date antivirus software, and other initiatives to mitigate cyberthreats, are your employees. Ensuring all team members feel empowered to assist in cyber risk reduction efforts should be a significant aspect of an institution’s risk mitigation strategy. Annually, WBA offers a number of security and IT-focused educational opportunities, a best practices library featuring an extensive list of security and financial crimes resources, as well as a technology and operations peer group to help in facilitating discussion and idea sharing.

Ensuring that all team members are set up with strong, unique passwords may also be the difference between a secure organization and a vulnerable one. These passwords, according to the National Institute of Standards and Technology (NIST), should be more than 12 characters long and include mixed casing and numbers. Multifactor Authentication (MFA) is also strongly recommended for bank leaders and administrators, if not every member of the team.

Having comprehensive insurance coverage is also crucial in the event of an attack. MBIS offers an extensive list of insurance coverages, including cyber liability. This policy is designed to protect directors, officers, employees, and entities from losses arising out of electronic theft of customer information, including cyber extortion, forensic expense, security breach notification, e-commerce activity, and electronic publishing. The insurance carriers for cyber liability policies also provide extensive resources that MBIS recommends be immediately engaged in the event of any cyberattack, including phishing incidents and ransomware attacks. Additionally, FIPCO’s Loan Processing Central service provides a resource you can retain ahead of time to immediately step in if a bank experiences a disaster, including a cyberattack, or an unplanned employee absence, to help continue the processing of your loan documentation.

Whether your bank is recovering from a cyber incident or mitigating the chances of one, our team is here to ensure your bank is well-prepared and equipped to navigate the complex and stressful landscape of cybersecurity challenges. If you are interested in learning more about the protections WBA can help you implement at your bank, please contact Rob Foxx (FIPCO) at rfoxx@fipco.com or Jeff Otteson (MBIS) at jeffo@mbisllc.com.

October 11, 2023/by Hannah Flanders

Compliance, Resources

AI Reshapes the Workforce

Organizations use AI to recruit, retain talent

By Hannah Flanders

When asked if artificial intelligence (AI) would replace the workforce, experts agreed that most jobs require a human connection. However, some economists assert that automation by platforms like ChatGPT — an AI program with capabilities to understand and generate human-like text — may lead to displacement in some areas.

Although human resources and talent acquisition-related positions continue to be among the fastest growing user role on LinkedIn, according to World Economic Forum’s 2023 ‘Future of Jobs’ report, many agree that AI will only augment the abilities of human professionals, rather than replace them entirely.

“If the staff are not robots, the process shouldn’t be either,” says Renée Peterson, vice president – talent acquisition and development manager at Horicon Bank. “Being a community bank, it is important that we don’t lose the community feel.”

While the World Economic Forum predicts that AI will help create nearly 70 million jobs in the next five years, another 83 million are expected to be eliminated. Human resources professionals and bankers in Wisconsin, however, should not let this staggering number deter them from embracing AI’s potential.

Oliver Buechse, owner of Advancing Digital, explains that incorporating AI into an organization allows employers to empower their team. “AI allows individuals to do. By providing the opportunity for those that are interested to explore AI and its capabilities in their job function, employers will not only be fostering a culture of innovation but also assisting their organization in remaining ahead of a world increasingly reliant on technology.”

Recruiting, Retaining Talent

According to the Society of Human Resource Management (SHRM), it takes, on average, 36 days to fill an open position. During this time, HR professionals are occupied preparing a recruitment plan; sourcing, screening, and selecting candidates; making offers; and onboarding.

While AI cannot completely automate the recruiting process, some experts say that it may help streamline processes.

“AI is great at processing and analyzing massive amounts of data,” highlights Beth Ziesenis, a popular speaker known professionally as ‘Beth Z, Your Nerdy Best Friend.’ “By using generative AI (such as ChatGPT), hiring managers have the ability to analyze what people are looking for and consider feedback from current and former employees to develop a job description that may better communicate the benefits and responsibilities.”

Experts noted that HR professionals may also utilize AI to quickly screen public social media profiles, brainstorm relevant interview questions, and even personalize regret letters.

“In addition to saving time that would otherwise be spent researching or writing, HR teams will greatly benefit from the perspective AI can provide during the recruiting process,” Peterson emphasized.

Despite the large amount of data AI has the ability to process, Horicon Bank’s Senior Vice President – Chief Information Officer Cyrene Wilke states that staff needs to ensure that they are correctly leveraging the tools available to them.

“AI has existed in some capacity for many years, but its abilities only continue to expand,” says Wilke. “While AI at this current moment may allow us to identify top candidates for the position, it is important to recognize that not every qualified candidate makes their information public on LinkedIn or other social media and that sometimes, trained AI bias may still disqualify candidates with differing experience. For this reason, it is important that AI doesn’t entirely replace your staff — just helps enhance their abilities.”

In addition to helping HR professionals recruit for open positions, AI may also be beneficial in assisting and analyzing current employee retention efforts.

During the onboarding process, employers may utilize AI to automate training programs efficiently and inexpensively. As well as tracking employee progress, automating certain aspects of the onboarding process may help provide a more comprehensive training environment for individuals with varying skills or learning styles. Day to day, AI may also prove a powerful tool in assisting employees to understand how their role impacts the organization as a whole or to uncover new career paths within the organization.

“Companies that embrace the transparency AI provides will find a greater sense of belonging among their team members,” notes Buechse.

“With the ability to make predictions based on trends and patterns, AI can provide new perspectives,” says Wilke. “Of course, trained professionals would notice an unengaged employee through details such as excessive and unplanned paid time off. AI, however, would augment and complement the work HR professionals already do to help assist in recognizing trends or insights that are not always apparent at a surface level.”

As such, companies have begun deploying AI to assist in the process of gathering feedback from current and departing employees. Programs such as CultureAmp utilize AI to track employee engagement, measure employee satisfaction and company culture, as well as gather insight into the employee lifecycle. While many organizations already routinely connect with their employees for feedback and provide exit surveys to those leaving the organization, AI provides managers with a systematic and detailed analysis of employee sentiment.

“By taking the time to collect comments from team members, and understand what this feedback signifies, employers will stand apart in a huge way,” emphasizes Wilke. “AI has the potential to not just enhance the efficiency of multiple processes, but also aid in comprehending the employee experience and implementing necessary adaptations.”

Embracing Change

According to research by the Pew Research Center, 45% of Americans are equally concerned and excited about the growing use of AI.

“In order to curb the discomfort some may feel towards AI, it is critical that organizations have a written policy related to its use in human resources, and generally,” says Ziesenis. “Whether your team is waiting for more information or using it all the time — now’s the time to define your bank’s approach and protocol.”

Buechse agreed, “The U.K. has already released information related to its approach to harness the powers of artificial intelligence. In order to remain a step ahead, bankers should familiarize themselves with regulatory frameworks that are beginning to be published around the world. While regulation in the U.S. hasn’t quite caught up yet, that doesn’t mean it isn’t coming.”

As of this writing, bipartisan legislators have introduced a bill aimed at establishing an artificial intelligence commission to review, recommend, and develop frameworks for AI in the U.S. However, for those in the banking industry, it is important to consider the utilization of disclaimers, programs that have been tested for safety and effectiveness, as well as what protections are necessary to ensure privacy prior to launching new systems.

Given the ongoing expansion of AI throughout our lives, experts underscore the need to reframe how technology will amplify the abilities of humans.

“While AI may automate certain aspects of the profession, human resource teams may find that they have a greater ability to focus their energy and efforts on the most impactful aspects of the hiring and retention processes,” says Peterson. “AI will ultimately allow us to spend more time on fine-tuning the outcome.”

September 7, 2023/by Hannah Flanders

Posts

Get our Newsletter!