Cybersecurity Best Practices: How Your Financial Institution Can Help Consumers Stay Secure

Cybersecurity breaches are a major issue faced by organizations all over the world. But does the average consumer need to worry about getting hacked? And what risk does a consumer getting hacked present to their financial institution?

CSI's 2021 Consumer Cybersecurity Poll found that 85% of Americans reported cybersecurity concerns relating to their personal confidential data. However, a similar survey conducted by CSI in 2019 found that 92% of consumers expressed cybersecurity concerns, a decrease of seven percentage points.

It seems many Americans may perceive cyberattacks to be beyond their control, accepting this risk as part of everyday life. This acceptance may have resulted in lower security standards and lax practices in their personal lives, further exacerbating the likelihood of falling victim to an attack. And consumers with more tolerance for risk and lower security expectations could lead to adverse effects for financial institutions, making awareness and education of cybersecurity best practices more important than ever.

For insight into the full results of the 2021 Consumer Cybersecurity Poll, download the executive report.

Cybersecurity Best Practices to Include in Your Institution's Awareness Training

Despite consumers' varying perceptions of cybersecurity risk, anyone can be the target of hackers looking to steal money, information or an identity. But there is good news: Even the least computer-savvy people can take steps to protect themselves.

Your financial institution should empower consumers with information through cybersecurity awareness campaigns, an important step in the fight against cybercrime. Providing education and promoting good cyber hygiene will mitigate cybersecurity risk for consumers and your institution while increasing the potential for new business through knowledge sharing.

As your institution plans cybersecurity awareness initiatives, consider including the following cybersecurity best practices to enhance protections for your customers or members.

• Update Devices: Everyone is likely familiar with the annoying pop-up reminder that your computer or phone requires a software update. While it may be easy to click "Remind Me Tomorrow," it is best that customers or members take the time to install those immediately. Those updates often contain critical security patches that are easily exploited by cybercriminals. Almost all devices offer the option for automatic updates to streamline this process.
• Install Anti-Virus (AV) Software for Home Devices: Home devices are subject to the same viruses and malware that can infect corporate machines. Home users should invest in AV software and make sure it periodically scans machines and updates to the newest definitions. While a paid AV software is recommended, there are free versions for consumers from companies like Bitdefender, Microsoft, Sophos and others which offer options for MAC and Windows.
• Sign Up for Alerts: CSI's recent poll revealed that the top cybersecurity issues that worry consumers as related to their personal confidential information are identity theft and stolen credit or debit card information, at 60% each. Effective alerting could enhance consumer vigilance against these threats.

Many websites offer free alerting to let users know when something happens on an account. Encourage your customers or members to take advantage of these alerts to monitor for potential fraud. Many financial institutions and credit card companies also offer alerts on purchases of a certain size or purchases made without the card present. Encourage customers and members to utilize this feature to quickly know if a card number has fallen into the wrong hands and minimize the damage.

• Think before Clicking: Hackers often use SPAM email and text messages to get people to click on malicious links that lead them to download viruses or spyware, or prompt users to enter their credentials. Before clicking, your customers and members should ask the following questions:
• Is this email expected? For example, did the text come with a link to tracking information for a mysterious order?
• Who is sending this text or email? Hackers often use email addresses that look correct at first glance but are forged. As an example, an email from Apple.com would be correct, but an email from AppleInc.com would be forged. Additionally, text messages from businesses traditionally come from a five-digit number. If a consumer receives a suspicious text claiming to be from a company, but it has a 10-digit number, it is best to delete and block the number.
• Is this link legitimate? Before clicking on any link, hover over the link with a mouse to see the website the link directs to. If the underlying address does not match up to the address in the email, do not click it.
• Does this feel weird? Your customers or members should evaluate the situation before letting stress set in and making decisions that might put them at risk. If something feels like a scam it probably is a scam; encourage them to trust their instinct.
• Enable Multi-Factor Authentication: One of the most troubling results of this year's survey is that 30% of Americans agree that it is okay to use the same password for an online bank account that they use for other online accounts. Your institution should encourage consumers to use strong passwords while providing and promoting multi-factor authentication (MFA) to make it more difficult for hackers to gain account access.

Unfortunately, a username and password does not always provide adequate protection against hacking. It is not uncommon for these credentials to make their way to the dark web and into the hands of cybercriminals. To increase protections, many websites that hold important information offer the option for MFA. Instead of logging in with only a username and password, a user must provide a third piece of information to access their account.

Typically, the third piece of information comes in the form of a code sent via text or phone call to a specified number. There are also authenticator applications that serve the same purpose. While MFA may not be needed for every account, it is highly recommended for email accounts, online banking, healthcare accounts and anything that holds sensitive information.

Empowering Consumers with Cybersecurity Best Practices

If your customers or members are following cybersecurity best practices, then they are less likely to be the victim of a breach, and in turn, your institution is less likely to spend time and resources responding to the effects of the breach. In other words, a security-conscious consumer means less risk for your institution.

Download CSI's 2021 Consumer Cybersecurity Poll Executive Report to learn more about consumers' cybersecurity perceptions and how your institution should address their concerns through cybersecurity education.

Rachael Schwartz has more than nine years of experience in advising financial firms. Prior to joining CSI, she worked with some of the largest hedge funds and private equity funds in New York City as an IT and cybersecurity consultant. In her current role at CSI, she lends her expertise to community banks and credit unions, helping them maximize their technology investments and increase security while reducing their operational burdens.