October is Cybersecurity Awareness Month, an annual reminder about the importance of protecting yourself from online threats — and offering a chance to sharpen your cybersecurity skills.
This marks the 20th year of Cybersecurity Awareness Month, and I remember how the first efforts of this initiative primarily revolved around educational posters and speaking to staff at department meetings. As Halloween is also in October, the first awareness campaigns loosely tied into a scare theme by focusing on the dreadful things that would occur if a breach happened.
Technology – and cybercriminals – have come a long way in twenty years, shifting to a year-round focus on the importance of cybersecurity awareness and education, especially as we are now constantly connected to the internet through computers, mobile phones and various devices such as smart appliances, watches, doorbells or TVs. More people than ever before are working, learning, playing, connecting and shopping online, which means that always following cyber-safe practices has never been more critical.
Recognizing this shift, the Cybersecurity and Infrastructure Security Agency (CISA) has announced a new theme and campaign, “Secure Our World,” which will be used during this year’s Cybersecurity Awareness Month and beyond. This new awareness campaign aims to promote cybersecurity tips and best practices year-round.
Here are five things financial institutions should encourage their staff and customers to focus on for preventative cybersecurity action — not only this month, but year-round.
- Supercharge your passwords. Weak or easily guessed passwords are an open invitation to hackers seeking access to your organization’s sensitive information, financial assets and cardholder accounts. Strong passwords consist of a combination of upper and lower-case letters, numbers and special characters. By creating strong, unique passwords for each of your online accounts and regularly updating them, you significantly reduce the likelihood of unauthorized account access, identity theft and other cybercrimes.
- Be wary of unsecured networks. Using secure Wi-Fi networks is essential to protecting your organization’s sensitive data from cyber threats. When connected to an unsecured or public Wi-Fi network, your data could be intercepted by cybercriminals lurking on the same network. These malicious actors can capture your login credentials, cardholder information or financial data. Secure Wi-Fi networks use encryption protocols that make it significantly more challenging for cybercriminals to eavesdrop on your online activities, ensuring a safer and more private online experience.
- Use caution on social media. Staying safe when using social media requires a combination of caution and proactive measures. First, review and adjust your privacy settings to limit the amount of personal information visible to the public. Be selective about what you share, avoiding sensitive details – like your full birthdate or address. Be cautious of friend requests and messages from unfamiliar accounts, and never click on links from unverified sources. Educate yourself and your team about common social engineering tactics cybercriminals use to manipulate users into revealing personal information. Vigilance and skepticism can go a long way in ensuring your safety on social media, protecting your digital identity and preventing cyberattacks.
- If you see something, say something. Reporting suspicious emails is vital to maintaining the security of both your financial institution and your customers. Cybercriminals often use phishing emails to infiltrate company networks, steal sensitive data or spread malware. By promptly reporting any suspicious emails you receive, you enable your organization’s IT and security teams to assess and mitigate potential threats. It also helps identify patterns and sources of cyberattacks, allowing for proactive measures to be taken. Reporting suspicious emails also encourages a culture of cybersecurity awareness within your company, reinforcing that your employees are the first line of defense against cyber threats.
- Look beyond your browser. We live in an increasingly connected digital world where anything from watches to refrigerators can be connected to the internet. To stay safe, it’s essential to prioritize security measures. Change default passwords on connected devices to unique, strong ones to prevent unauthorized access. Regularly update the firmware and software of your devices to patch known vulnerabilities, while isolating your devices on a separate network to minimize the potential impact of a breach. Be cautious about sharing personal information with connected devices and read privacy policies to understand data collection practices. Finally, research the security reputation of connected products before purchasing them, as investing in reputable brands can significantly reduce the risk of cyber threats. By taking these precautions, you can enjoy the convenience of connected devices while minimizing security risks.
Cybercrime can be intimidating to combat, but it needs to remain a priority for your financial institution, staff and customers. The American Bankers Association (ABA) maintains a webpage for financial institutions with cybersecurity resources about protecting themselves and their customers from cyber threats. If you need additional help in your cybersecurity readiness, consider partnering with a fintech or industry partner, as they often have the technology and resources necessary.
Cyberattacks can greatly affect our lives, both on and offline. While it takes effort to stay mindful of things we can do to remain secure online — it is worth it.
Gene Fredriksen is a co-founder and current executive director of the National Credit Union ISAO and the principal cybersecurity consultant with PureIT CUSO. He has previously held the positions of CISO for PSCU, Global CISO for Tyco International, principal consultant for security and risk management strategies for Burton Group, vice president of technology risk management and chief security officer for Raymond James Financial, and information security manager for American Family Insurance.
Fredriksen served as the chair of the security and risk assessment steering committee for BITS, and also served on the R&D committee for the financial services sector steering committee of the Department of Homeland Security. He also served as an advisor on various cybersecurity steering committees for the administrations of George W. Bush, Bill Clinton and Donald Trump, assisting in the preparation of the president’s Cybersecurity Position Paper.
