Why cybersecurity education programs may pay off

Photo by Ricardo Imagen/Getty Images

Community banks can protect their small business customers—and themselves—from cybersecurity attacks and data breaches with ongoing cybersecurity education programs.

By Colleen Morrison

When it comes to cyberattacks, fraudsters don’t only target the largest companies. In fact, Verizon’s 2020 Data Breach Investigations Report found that more than a quarter of cyberattack victims were actually small businesses.

“No one should think, ‘We’re too small to be attacked,’” says Steven Estep, assistant vice president of operational risk at ICBA. “Cybercriminals are everywhere, and they are going to attack anyone they can. Don’t fall into the trap and think only the big guys are being attacked, because those are [just] the ones that make the news.”

As drivers of small business loans in their local areas, community banks have stepped up their cybersecurity education over the past few years to address this issue. Many have instituted educational programs aimed at helping their customers make better decisions when it comes to cybersecurity.

“Cyber incidents cause outages and disruptions,” says Mark Marionneaux, president, CEO and chief lending officer at $300 million-asset Bank of Zachary in Zachary, La. “Loss of production alone is significant enough that many businesses who experience it for more than a few days are at risk of going out of business. Sharing our knowledge with our customers and their employees will help them survive and thrive.”

“If the training we offer can help at least one customer prevent a cyberattack, it is a win. We owe it to them all to help educate them on protecting themselves.”
—Mark Marionneaux, Bank of Zachary

For Bank of Zachary, cybersecurity education has become a cornerstone of its small business outreach. The community bank hosts an annual in-person training that went virtual in 2020. In addition, it runs a corporate account takeover training session each year for businesses. In this event, bank leadership assembles its own IT team, key vendors and experts to share experiences and offer an overview of the latest trends and threats. The goal is to ensure customers stay up to speed on emerging cybersecurity issues.

“If the training we offer can help at least one customer prevent a cyberattack, it is a win,” Marionneaux says. “We owe it to them all to help educate them on protecting themselves.”

While these educational events provide in-depth fraud discussions, community banks can also support their customers with quick-hit information via blog posts or newsletter articles, webinars and lunch-and-learns. The goal is to continue a steady drumbeat of cyber awareness. “I believe that, regardless of the training, getting the information out to all customers is vitally important,” Marionneaux says. “It’s not only for their business, but it offers good habits that also roll over to their personal lives.”

Promoting cyber hygiene

Community banks themselves benefit from internal training, too. When a bank’s staff has a deeper understanding of existing and emerging cyber threats, it’s better positioned to thwart an attack. For example, $247 million-asset Wolf River Community Bank in Hortonville, Wis., not only provides educational information to help customers, it also requires continuous cybersecurity training throughout the year for bank employees. This ensures that all staff are better equipped to recognize fraud and mitigate threats. This knowledge provides added support to small business customers, who stand to benefit from an increased emphasis on cybersecurity at their bank.

“Community banks are in a unique and fortunate position to have both the need and an opportunity to educate their customer base on cybersecurity,” Estep says. “It’s a necessity in that community banks need their customers to keep their online banking accounts secure, so they [should] educate them on how to do so.”

He adds that if community banks make a concerted effort to provide ongoing security education to their staff members and their customers, they “have the opportunity to create a stronger culture of cyber hygiene throughout their communities.”

A culture of awareness

While it may feel like we’re fighting an uphill battle against ever-changing fraud techniques, community banks’ small business education efforts have been proving successful. In fact, despite the pervasiveness of cyberattacks on small businesses today, the number is declining. In 2018, 58% of data breaches occurred at small businesses. But according to Verizon’s 2020 report, that figure had dropped to 28% two years later.

To continue moving that trend in the right direction, experts advise community bankers to stay the course with their cybersecurity education and talk to their customers about emerging threats. This dialogue will provide important insights into the depth and kind of information customers need from their bank.

“Start asking questions,” Marionneaux says. “[Your customers] will tell you where they feel vulnerable. Cybersecurity awareness needs to become a culture within even the smallest businesses.”

Cybersecurity resources

ICBA’s Cyber & Data Security page aggregates key advice on customer education and internal mitigation, as well as best practices, alerts and other materials to help community banks address ever-evolving cybersecurity threats. icba.org/cyber

Colleen Morrison is a writer in Maryland.