Business Journal Ask the Expert Column

Consumer mistrust in corporate cybersecurity is reaching all-time highs this year. A recent study conducted by the New York-based American Institute of CPAs (AICPA) stated that 81% of Americans are at least somewhat concerned about the ability of businesses to safeguard their financial and personal information, with two out of every five (40 %) reporting that they are extremely or very concerned. The concern is warranted. Many consumers prefer to bank with regional or local institutions –the exact financial institutions organized cybercriminal networks view as “the lowest hanging fruit” and easiest targets for breach. Fortunately, there’s hope for those institutions at greatest risk.

We’re not a huge bank with endless cashflow. How do we adequately protect customer accounts from cyber threats?

This may sound self-serving but it’s the truth: To survive in today’s online world, it’s absolutely critical to engage a third-party cybersecurity partner. I would prefer you hire my company, but if you don’t hire us, please hire someone. It’s nearly impossible for most credit unions and local/regional financial institutions to combat the new generation of advanced cyber criminals. You don’t have access to the talent or the technology to protect, defend and repel the repeated attacks your institution will face on a daily basis. It’s an unfortunate reality, but a reality you need to face. Partnering with a third-party cybersecurity provider aligns your company with security best practices, without the capital expenditure of hiring highly specialized staff, and the cost of added gear to equip them. Once you find the right cybersecurity partner, share the news with your customers. Let them know you’re using “heavy hitters” to protect their accounts and information. This will help relieve customer anxiety and trust issues about who’s handling their information, while differentiating your institution from the competition.

What can we do to win consumer confidence when it comes to data protection?

Transparency is key. Make your customers part of your cybersecurity program. Empower them. Engage them. Get them involved. Make them feel safer. With mobile and online banking growing in popularity by the minute, few customers are taking the necessary steps to protect their personal data, making their accounts vulnerable to cyber criminals. No matter what protocols you have as a financial institution, if your clients aren’t protecting themselves, they’re easy prey. So, use cybersecurity as a loyalty and brand building tool. Become a trusted resource to your customers by first letting them know you’re “going the extra mile” to protect their data. Then, expand the conversation and show them how to use apps and programs on their own devices to help protect and preserve their personal information. When it comes to your customers and cybersecurity, you’re no longer just in the banking business. You’re in the education and information business. Look at the world through your customers’ eyes and make your institution the hero, not the victim.

What would you recommend to help us stay compliant and better protect our customers?

The key to compliance is having a detailed plan, sticking to that plan, involving your entire organization, and testing your plans and procedures regularly to find weaknesses. This is where a third party can be the most effective. An outside set of eyes with an outside perspective can be your greatest asset, particularly with the highly specialized nature of cyber protection. Set up tabletop exercises. Even consider planting security personnel as rogue intruders and execute a surprise “controlled breach” to help your staff experience an actual cyber emergency. You need to demonstrate that you’re acting in a reasonable and prudent manner, with the best interests of your customers as your foremost goal. Above all else, transparency is key. Use compliance to retain existing customers and recruit new ones. Constantly remind customers that you are working continuously to protect them. Then, in the event of a breach, they’re more likely