The Agency Insider with Linda McGlasson

Cybersecurity Awareness: Rules of the Virtual Road

Cybersecurity Awareness: Rules of the Virtual Road

This month didn't slip out of my scope, but it's already October 15 -- halfway through Cybersecurity Awareness Month, designated for the last six years as the month when the public relation arms of security vendors, governors of states and other political types with predetermined agendas set forth to right a whole year of ignoring the need for strong information security awareness.

I don't have to tell you why this approach is flawed. As a former information security director used to remind me, "Every month should be information security awareness month." Security awareness should be part of everyone's job description, and if they're a customer ... well, I think they should sign an agreement to follow some basic standards of safe computing. Here's a thought: How about setting out the 10 rules for safe computing?

This statement comes with the realization that our customers aren't all rocket scientists or cybersecurity geeks when it comes to protecting their computers and personal information, which means our job is a whole lot more than just making sure our own networks are secure.

The old words ring true: Your information security program is only as strong as your weakest link. In the case of many businesses, including financial institutions, that weakest link is your customer or your employee sitting at a screen, deciding whether to click on that link that popped up in their instant messaging screen, or direct message box on Twitter, or visit that site that offers free ringtones (and malware as a bonus).

The need for a strong security awareness program for customers and employees is apparent, at least to those of us who've been on the other side of a phishing attack, like the spate that hit several banks and credit unions in the past couple of weeks.

One security professional commented to me about the lack of awareness of that bank's customer base when it came to recognizing that the automated telephone call (a vishing attack) wasn't from the bank, despite that the bank had previously told customers several times that they would not ask for account information on a call initiated by the bank.

You don't pick your customers, they choose you. This is the reason why you'll want to make sure your cybersecurity awareness program is up to date and performed on a regular cycle (think at least quarterly, if not monthly.)

Of course, we can't expect everyone to be zealously guarding their computers, routers, browsers and personal information, but having a set of basic operating standards should be required of anyone. Think of what you had to do in order to get your driver's license.

Here's my take on the first few rules:

  • Keep your operating system up to date with the latest patches;
  • Update your anti-virus and anti-spyware regularly, if not daily;
  • Install a firewall on your PC;
  • Don't click on links in emails that are from unknown origins (or known origins for that matter).

That's four; it's a start. What would you want the rest of the 10 rules for safe computing to look like?



About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.