The probability is high that a bank customer will at some point experience a cybersecurity incident. Above and beyond the financial and operational risk, cybercrime comes with substantial reputational risk for banks, as customers are far less likely to trust institutions whose products and services are frequent targets for breaches or hacks.
While banks are ramping up their security initiatives to combat clever hackers, they often overlook one beneficial yet simple tactic: educating consumers in cybersecurity best practices they can follow to protect themselves.
In a recent Consumer Cybersecurity Poll by Computer Services Inc., more than 90 percent of respondents expressed concerns about the security of their personal data online. As a result, nearly 75 percent reported that they would be likely to participate in a cybersecurity awareness or education program offered by their financial institution.
Taking a three-step approach to increase consumer cybersecurity awareness can help banks reduce losses, increase customer loyalty and improve their cybersecurity posture.
Awareness: Identifying risky activity
Do your customers know what fraud looks like? Can they point out suspicious activity? A little education goes a long way toward preventing cybercriminals’ most common tactics, like phishing and malware.
When it comes to phishing, consumers were once advised to watch out for typos, misspellings and odd grammar mistakes. But today’s phishers are much more sophisticated. Their emails are free of spelling errors and often closely mirror the logos and brand colors of trusted brands, such as the victim’s bank. Increasing the risk, cybercriminals are exploiting “lateral phishing” – using hijacked accounts to send phishing emails to the victim’s personal contacts. Because the email appears to come from a known source, recipients are more likely to download dangerous attachments.
Phishing is the main delivery method for malware, which is software designed to gain unauthorized access to computer systems or to serve other malicious purposes. Malware typically takes two forms: spyware, which secretly observes activity and can be used to steal data like passwords or credit card numbers, and ransomware, which locks the consumer out of their computer until a ransom is paid.
Raising awareness and educating customers on these malicious tactics can save banks and their customers a lot of headaches.
Action: Engaging customers in fraud prevention
The next step is to arm customers with methods to safeguard themselves against cyberattacks. Here are a few useful tips banks can share with customers to protect themselves and the institution:
- Monitor bank accounts regularly: Leverage online and mobile banking to monitor bank and credit card accounts at any time between statements.
- Avoid public Wi-Fi for transactions: Help customers understand that public Wi-Fi networks are often not secured, and without the use of a VPN, hackers can easily eavesdrop on their activity.
- Strengthen passwords: Many consumers still use the same password for multiple accounts, exponentially increasing their risk. Help customers understand the importance of using a strong and unique password for each account and point them toward tools to securely manage their passwords.
- Engage notifications: Let customers know about the technology available to protect their accounts, like utilizing on/off card features, recording travel plans with banks and card issuers and setting up purchase notification features for debit and credit cards.
Recovery: Navigating the aftereffects of cybercrime
An ounce of prevention is worth a pound of cure, but banks need to be ready and able to work closely with customers if an account is compromised or they detect suspicious activity. The faster a breach or fraud is confronted, the more likely the bank and consumer are to recover lost funds and protect data.
Make sure customers understand the key actions they should take after a data breach, including finding out what information was stolen and whether their personal data was included. Make it easy for them to set up fraud alerts on affected debit and credit cards and credit reports.
It’s also important to provide a clear roadmap for consumers to follow in the event of identity theft. The process can be confusing, so providing the tools to understand the specific steps can greatly improve customer loyalty and engagement.
Communication is crucial
Like most complex topics, it could take more than one attempt for your customers to truly absorb the cybercrime prevention message. That makes it critical to use all communication channels at your institution’s disposal: statement inserts, website messages, social media posts, texts, emails and in-person interactions.
In addition, some banks offer educational classes related to fraud and cybersecurity. Such personal interaction strengthens customer relationships and builds their confidence in your institution.
Steve Sanders is vice president of internal audit at Computer Services Inc., which provides financial technology solutions and regulatory compliance software.