While all businesses face the risk of cyberattacks in the modern digital age, the banking industry must work particularly hard to protect data and guard against threats.
“There are a few industries in which cybersecurity is of paramount importance, and banking is one of them,” said Jim Daly, senior vice president and chief information officer at Pottstown-based Diamond Credit Union.
According to the Boston Consulting Group, financial firms are 300 times more likely than other institutions to be attacked by cyber criminals, meaning they must take every step available to prevent attacks and protect themselves and their customers.
Fortunately, according to Duncan Campbell, president and CEO of the Pennsylvania Bankers Association, a trade association that provides education, advocacy and other services to banks and affiliate members, banking institutions are held to high standards that they take seriously.
“Banks exemplify the gold standard of security protection,” Campbell said. “They are examined by regulators, and they take the regulations they must follow very seriously. I’m proud of the industry’s efforts.”
What Financial Institutions Are Doing to Enhance Cybersecurity
Based in Chester County, Customers Bank has made significant investment in its efforts to enhance cybersecurity, according to Vivin Varghese, chief information security officer.
With locations in nine states, the institution has hired cybersecurity experts and invested in advanced security technologies. It conducts regular security audits and has adopted sophisticated technologies including artificial intelligence (AI) and machine learning.
“Those types of technologies can help in detecting anomalies, identifying patterns of fraudulent activities and securing transactions,” Varghese wrote in an email.
While representatives at Diamond Credit Union were understandably tight-lipped about specific measures used to prevent fraud, Rob Hackash, director of branding, assured that security is highly prioritized.
“It’s not a once-and-done effort,” Hackash said. “It’s a continuous thing. And we live by the motto, ‘kindly question everything.’ If something doesn’t seem right, ask about it.”
Employee training and ongoing security education are important tools employed by both institutions.
Daly regularly sends out “knowledge of power” emails that address breaches and other security-related issues, and employees are required to watch monthly videos pertaining to cybersecurity.
“Our staff is our first line, our best line and our last line of defense,” Daly said. “You can have 30-foot walls, a moat with alligators, archers and guard dogs, but if an employee lets the drawbridge down and somebody comes in, you’ve just defeated all the security measures in place to protect the castle.”
Employees at Customers Bank participate regularly in cybersecurity training sessions where they learn about the latest threats and phishing techniques, the importance of strong passwords and multi-factor authentication and other topics.
Customers also enforces a policy that outlines guidelines and procedures for employees who wish to use personal devices for work purposes.
Educating Customers Vital to Security of Financial Institutions
While financial institutions must ensure security internally, they also must work with customers to help them keep their accounts and assets safe.
It is the responsibility of Katrina Boyer, investor education coordinator for the Pennsylvania Department of Banking and Securities, to educate members of the public about banking-related issues.
She meets with groups of senior citizens, veterans, service providers and others to spread the word about identity theft, provide advice about passwords and teach people the ins and outs used in phishing and hacking.
“We focus on educating investors so they can protect the assets they have,” Boyer said.
People are generally appreciative of her efforts, often admitting to her they’ve been the victim of scams.
“I’m glad when people are willing to talk about it because it happens so often,” Boyer said. “There shouldn’t be shame involved with being a victim.”
Some of the best advice Daly, Campbell, Varghese and Boyer offered for customers of financial institutions includes the following:
• Learn to recognize suspicious emails. Beware of emails that are unexpected, or contain misspellings, bad grammar, threats or offers that are too good to be true. The best plan is to not open emails you don’t recognize. If you do open one, never click on any link contained within it.
• Create strong passwords and change them quarterly. Passwords should be a minimum of 15 characters and include capital letters, letters, numbers and symbols. Never use the same password for more than one website. While having multiple passwords can seem cumbersome, a password manager can help you generate and store them.
• Beware of scams such as a phone call from someone pretending to be a family member or friend who is in trouble and needs you to wire money immediately.
• Don’t use predictive passwords or answers to security questions. For instance, if a security question is “name of your favorite dog,” and you frequently post photos with captions on Facebook about your cute corgi named Winston, do not use the dog’s name as an answer. Criminals use computer programs to sweep social media platforms and gain personal information.
• Check bank accounts regularly — preferably every day. Look for unauthorized transactions and alert your bank immediately if you notice anything amiss.
• Set up a separate email that you use only for financial correspondence.
• Look for educational information on your banking institution’s website. Most financial institutions offer articles, posts, videos and other products with tips for keeping you safe.
• Sign up for multi-factor authentication, which is when a bank requires you to enter a code sent to your email or text message in addition to entering a password.
• Use notifications and sign up for alerts to signal you of suspicious activity or other issues with your account.
While it may not be possible to completely safeguard all your accounts and keep bad actors from accessing your information — or worse yet — your money, there are many things you can do to discourage that from happening.
“It’s sad that we’re all being preyed upon by these bad guys, but we don’t have to make it easy for them,” Campbell said.
