Jack E. Hopkins: Employing a Multilayered Cybersecurity Approach

Cybersecurity keeps me up at night. With the increasing sophistication of AI and other tools, and all the information available on the dark web, fraudsters devise attacks that look authentic and have the potential to circumvent our defenses.

So, we have to invest in cybersecurity measures that address threats in a layered fashion. At my bank, we have employed a four-tiered cybersecurity approach:

1. Education and awareness. Helping our customers to identify cyber threats goes a long way toward preventing their success. We put out informational pieces and targeted advertising, as well as regular email tips and social media posts. We constantly remind our customers that we’ll never reach out and ask for personally identifiable information, so if someone’s asking, it’s a fraudster. 

2. Training. We address cybersecurity from day one; our new employee orientation includes cyber training. Additionally, we partner with firms—ICBA ThinkTECH alumni and Preferred Service Providers—to help us with ongoing education. For example, we use a firm to help us with regular phishing tests to make sure our teams understand what they should be prepared for. We also provide role-specific training: Our BSA staff are certified through ICBA’s certification programs. In addition, they are involved in information-sharing forums, exposing them to what’s happening with cyber attacks on a national and regional basis.

3. Dark web monitoring. We have also employed a firm to support us in monitoring the dark web for our employees’ and customers’ information. Armed with these findings, we’ve worked proactively with customers to close down exposed accounts. Not only does this help protect the bank, but it also builds trust and deepens our customer relationships. 

4. Technological tools and expert support. We deploy solutions that flag suspicious activity in our systems, and we’ve hired a cybersecurity firm to assess our operating systems, monitor for failures or vulnerabilities in those systems, and shore up our defenses. We’ve realized that if you have account opening and transactional activity enabled through your website, you need more sophisticated tools. The more access points to your systems, the better your defense mechanisms need to be.

In today’s environment, we must be constantly vigilant. Fortunately, ICBA offers the education, resources and tools to support us in employing multilayered protection. By using those solutions, we can rest assured that we’re doing everything in our power to keep our banks and customers safe.