Having a solid cybersecurity plan in place is essential for any organization to protect its sensitive data from cyber threats. The community bank where I am employed has taken extensive measures to safeguard against cyber-attacks, such as setting up reliable backup systems and establishing best practices for implementing information security. Nevertheless, it is crucial not to overestimate and rely on technology alone to guarantee protection against threats. The most significant vulnerability in any organization is the employees themselves.

Employees can be the weakest link in the chain as they have access to sensitive information and may not always be vigilant enough to follow security protocols. According to Verizon's 2022 Data Breaches Investigations Report, 82% of data breaches were caused by human error, and Proofpoint's 2022 Human Factor report found that 55% of U.S. workers took risky actions, 26% clicked on an email link that led to a suspicious website, 17% accidentally compromised their credentials, and only half of those polled were able to identify the term "phishing" correctly. [1]

To address this issue, the bank regularly conducts training and awareness programs for all employees, emphasizing the importance of creating strong passwords, identifying suspicious links, and the proper handling of sensitive information. It also conducts phishing exercises to remind employees of potential threats and test their responses.

However, employees can get distracted and overlook security measures by clicking on suspicious links or leaving laptops unlocked and unattended. Such actions could allow cybercriminals to access sensitive data, resulting in a devastating loss to the bank. Therefore, relying solely on technology to protect against cyber threats is not enough. Continuous training and equipping employees with the tools to recognize and prevent cyber-attacks are crucial for maintaining a strong and resilient cybersecurity program.

A risk that an organization should be careful not to underestimate:

While employees play a crucial role in safeguarding customer data, financial institutions should not underestimate the potential risks their customers pose. Many customers use the internet and mobile services without having strong cybersecurity measures in place, leaving them vulnerable to hacking and compromised information. These compromises can result in unauthorized access to bank accounts, unauthorized transfers of funds, and depletion of bank accounts.

It is important to educate customers about cybersecurity threats and encourage them to use protective measures, such as anti-virus software, anti-spyware, and firewalls, when accessing sensitive information online. According to a Consumer Cybersecurity Poll conducted by Computer Services Inc., 90% of respondents were concerned about the security of their personal data online, and nearly 75% reported that they would be interested in participating in a cybersecurity awareness or education program offered by their financial institution. [2]

Financial institutions should take a proactive approach to educating their customers on cyber threats the same way they educate their employees. This will help reduce bank losses, strengthen customer relationships, and improve the bank's cybersecurity posture.

How should I respond?