Best Practices in Building Security Awareness

With the Identity Theft Red Flags Rule compliance date creeping closer, we contacted several banking institutions from around the country for their insights on keeping an information security training program robust and interesting.

1. Perception is huge - Security is seen by some as a "beating over the head," and many employees feel they are being corrected and/or told what they should and should not do. Try the friendly "We're here to help" approach first, says Jason Bawcum, Vice President of Security at Community South Bank in Parsons, TN.

2. Remind on key messages - As with any topic, out of sight/out of mind is what happens, says Evelyn Royer, VP Risk Management, Support Services, Purdue Employees Federal Credit Union, West Lafayette, IN.

3. Don't let lawyers or technicians write the program - Otherwise you'll end up with a dry, boring program. Make your program understandable to everyone, repeatable and interesting, says Matthew Speare, Senior Vice President of Information Technology at Buffalo, NY's M & T Bank.

4. Expand responsibility of information security to all areas of the bank. "We focus so much on the front lines that the back-office areas tend to miss the importance of securing their information," says Brandon Farmer, Senior Vice President of Operations and Technology at Bank of the James, Lynchburg, VA.

5. Match training to employee - Develop different training to match the employee type. "Compliance training isn't the most exciting training content, so the challenge is creating the 'need to know' content for the various job families and then making it something that is somewhat enjoyable to experience," says Mike Vantrease, who oversees Learning and Development at the Bank of The West, California's fifth largest bank with $62 billion in assets. "A teller doesn't need the same level of training as an information security specialist."

About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.
