In case you haven't heard, a team of physicists have figured out how to encode data on single atoms. Using some super brains, super cool magnets and some super elbow grease they got it to work. By the way, an atom is about 1mm times smaller than a human hair, so this is really, really small. Pretty neat trick and it shows what one can do by attacking a problem head on.
Speaking of attacks, there is a new sort of cyberattack going on that bankers should know about. According to CIO, hackers call the customer service line at hotels or restaurants and pretend to be clients who can't access the online reservation system. The hackers also send an email to the customer service agent and it includes an attached word document that supposedly contains their reservation information. Unbeknownst to the customer service rep, the document is actually designed to download malware that steals customer credit card information.
While this particular crime wave doesn't appear to be targeting banks just yet, it is another reminder that when it comes to cybersecurity, a bank can never be too careful. Indeed, these latest attacks highlight how important it is to remain vigilant in the battles raging all over the place as bankers and other companies fight the cybersecurity war being waged against us.
We've written before that your employees are often the weakest link in this area so a focus here is critical. Consider a CEB study from late last year that found more than 90% of employees violate policies designed to prevent data breaches. The scary thing is that offenders aren't always taking aim at company systems maliciously. In most cases, problems occur unintentionally, such as an employee accidentally clicking on something they shouldn't, or cutting security corners to get the job done faster.
Bank leaders need to reinforce the message that controlling cyber risk and ensuring company security is everyone's business. Clear protocols should be regularly reviewed and updated. New breach events, such as the above regarding customer service infiltrations, necessitate tabletop testing, enhanced review and possible update of protocols with recommunication bank-wide.
To help engage employees and better understand their concerns, role playing can be an option. This sometimes helps employees gain insight first hand into potentially risky situations and the best ways to react calmly. Knowing that they can rely on their coworkers and management for guidance in such exercises creates not only a feeling of support, but also commitment.
Although most community banks know password sharing is a security no-no, this too remains an area to review regularly. Research finds about 70% of people use the same password for multiple websites, 62% of smartphone owners don't password protect their device, 31% of people have shared passwords with friends and people over and over again use dumb and easily broken passwords like "password," "iloveyou" and "abc123". To protect your bank, be sure employees have clear guidance about what they should and should not be doing here; help them understand the risk to themselves and the bank in using simple passwords all over the internet.
Some community banks may feel immune from trouble because of their size, but in reality, you have just as much to fear from hackers as the largest banks. While those names are more known worldwide, almost everyone knows all banks are listed in the FDIC, lists are everywhere and bank websites are easily found. No matter your sophistication here, a continual focus on cybersecurity is needed to avoid trouble.