Cybersecurity education planning

Rayleen M. Pirnie, owner of RP Payments Risk Consulting Services, teaches a cybersecurity class at Farmers Trust & Savings Bank in Spencer, Iowa.

Rayleen M. Pirnie, owner of RP Payments Risk Consulting Services, teaches a cybersecurity class at Farmers Trust & Savings Bank in Spencer, Iowa.

At a time when many customers worry about keeping their data secure, a cybersecurity education program offered at a community bank can be a way to play an active role in their financial well-being. Here’s how one community bank is drawing hundreds of people to its cybersecurity events.

By Mary Yerkes


Ask a group of community bankers what keeps them up at night, and more than a few would say cybersecurity. And it’s not just bankers who have concerns. A recent survey from Computer Services, Inc. (CSI) in Paducah, Ky., revealed that 92% of U.S. consumers have concerns about the security of their sensitive information online. And almost three-quarters (74%) of U.S. consumers say they’d be willing to attend a bank-sponsored cybersecurity education program if it were offered. There’s a clear opportunity here to deepen relationships with potential and existing customers. So, how should community banks go about starting such a program?

Quick stat

92%

of consumers have concerns with the security of their sensitive data online

Source: CSI survey

“You have to first develop a relationship with your customers. Then comes the trust,” says Debbie L. Sundall, senior vice president at $350 million-asset Farmers Trust & Savings Bank in Spencer, Iowa. “Customers then come to realize that, ‘If my bank is offering something, I probably need to be educated on it.’”

Sundall, who heads her community bank’s cybersecurity education program, says her most recent event drew close to 300 people. The group was so large that Farmers Bank accommodated the crowd at an events center located at the local fairgrounds. That said, it’s taken plenty of work to get to that point.

“Don’t expect instant success,” says Rayleen M. Pirnie, founder and primary consultant of RP Payments Risk Consulting Services, a consulting firm in Kansas City, Mo., that specializes in helping payments participants identify and mitigate risk, including fraud. “Very few banks realize immediate success,” she adds. “You will probably only get two dozen or so the first couple of times.”

Farmers Bank began offering its cybersecurity program seven years ago after Sundall noticed an uptick in fraudulent activities reported by the community bank’s individual and business customers. At the time, she reached out to Pirnie to create a program focused on customer cybersecurity. But it is just one piece of the bank’s cybersecurity education program. Staff and customers receive resources throughout the year that help raise awareness about new scams and how to respond.

As part of RP Payments’ offering, Pirnie distributes cybersecurity pamphlets, flyers and posters to her banking clients, who then pass them on to customers. She urges community banks to access resources, many of which are free, from reputable organizations like the Federal Trade Commission (FTC), the FBI and cybersecurity consultants.

“Cybersecurity education should be an ongoing process,” says John Moeller, principal, financial institutions for CliftonLarsonAllen, LLP and a former Graduate School of Banking at Colorado instructor in information technology.

“Cybersecurity education should be an ongoing process.”
—John Moeller, CliftonLarsonAllen, LLP

Before starting any cybersecurity education program, Moeller says community bank executives and branch staff should understand the threats and how to address them.

Setting up your program

The cybersecurity topics you include in your program will depend on your bank’s audience and their needs. Topics that may resonate with a rural audience may fall flat with East Coasters. It’s important to start with the basics, however.

At a minimum, Pirnie says, community banks should start by identifying realistic threats, highlighting red flags that customers should watch for and teaching them what to do if they suspect their personal information has been compromised or they’ve fallen victim to a scam.

It also helps to make the training fun, Pirnie says. One bank she partners with invites its business customers to come to the training in golf clothes. After the event, attendees go out and play a round of golf together.

Farmers Bank takes a different approach, one uniquely suited for its audience. For the community bank’s latest training event, Sundall ordered branded whistles for attendees, most of whom were 65 or older. Pirnie suggested that attendees blow the whistle into the phone the next time a perpetrator called. That simple act gave them a sense of control.

A cybersecurity education program may require an investment of both staff time and money. Is it worth it?

If your community bank is looking for direct financial gain, probably not. But a program can reduce risk for your customers and your bank. It can also earn you new customers, differentiate your bank from the competition and increase brand recognition and credibility in your community.

Before starting such a program, make sure you have sufficient resources in place. It helps to identify an employee who is passionate about advocating for customers and can take the lead. Give them time to do research, gather information from sources like the FTC or state attorney general’s office, and find a credible speaker or presenter.

Sundall says the most important thing is to act. “This is a multibillion-dollar business for scammers, and it isn’t going away,” she says. “Make a plan, and it’s OK to start small. Keep in mind that the person running the program doesn’t need to know everything. But they do need to know where to go for resources.”

How to get the word out about your cybersecurity education program

Debbie L. Sundall

Debbie L. Sundall

In addition to publicizing your bank’s cybersecurity education program through social media, emails and your website, consider sharing information with local media and law enforcement. Debbie L. Sundall, senior vice president at Farmers Trust & Savings Bank in Spencer, Iowa, runs her bank’s program. In her experience, law enforcement has been excellent about notifying the public of events like this, especially when they see a concentrated area targeted with particular scams. Sundall has also done radio and newspaper interviews, which reach noncustomers and help to raise awareness about Farmers Bank’s services.


Mary Yerkes is a writer in North Carolina.

Top