Many organizations underestimate the risks their customers can introduce, but poor cybersecurity practices by customers can result in a compromise that affects your organization.
A malicious attacker successfully accessing your customer’s information can set them up for a corporate account takeover (CATO) scenario. Customer compromise is tough to combat and can often lead to reputational and financial damage to your business.
Sharing a strong culture of cybersecurity has benefits beyond mitigating cyber risks; it builds confidence amongst your employees and customers that you have made it a priority.
Develop a Training Plan
The cornerstone of your cybersecurity culture is training. Your customers will benefit from a training plan that includes basic cybersecurity knowledge, best practices, and tips. To keep it simple, create a plan based on the same security awareness topics already shared internally. Share training that educates customers about:
- Various social engineering attacks, giving extra attention to phishing.
  - Introduce the idea of The Golden Rule of Email, which is to treat every email like it is a phishing attempt. Additionally, provide information about the dangers of phishing emails, explain how to identify and handle a suspicious email, and suggest controls they can use to protect against this common threat.
- Physical security threats and best practices.
- Strong authentication mechanisms.
  - Stress the importance of length vs. complexity when it comes to passwords and encourage the implementation of multi-factor authentication (MFA) whenever possible.
- Securing remote workers through the use of VPNs, wireless network best practices, quality anti-malware programs, etc.
- The importance of data encryption.
- Security controls for mobile devices, including strong passwords, biometric authentication, encryption, anti-malware programs, and Wi-Fi connectivity.
- Defending against malicious software.
  - Firewalls and the use of malware detection programs.
- Ongoing security awareness training and staying up to date about modern attacks.
- Building a plan to fail well (an incident response plan) if they are compromised.
Using multiple delivery channels to provide education can help ensure your customers see it throughout the year. Delivery channels can include:
- Website: Provide relevant cybersecurity tips, news stories, and alerts on your website.
- Phone: Incorporate cybersecurity tips into your on-hold message for customers who call your business, or print them on physical statements or invoices.
- Newsletter: Include a monthly tip in your newsletter or on your social media accounts to keep cybersecurity top-of-mind.
- Social media: Encourage your customers and employees to follow your organization or other cybersecurity organizations on social media.
- Onsite: Posters, articles, or other educational materials should be placed in the entryway, break room, bathroom, or other meeting areas.
- New account: Provide cybersecurity resources, control suggestions, or self-audits during account opening.
- In-person event: Host an event, such as:
  - For business customers: Plan a lunch and learn event focusing on the latest cybersecurity tips and trends.
  - For the community: Host a cybersecurity awareness day for community members to shred sensitive documents, listen to short presentations, and play cyber-themed games or trivia.
  - For your board: Have a guest speaker discuss the trends they are witnessing and the associated risks to generate increased buy-in.
Whether you choose to talk with your customers about cybersecurity virtually or in person, here are some additional considerations to keep in mind:
- Invite the community: Not only should you include your existing customers, but you should consider expanding your audience to the community at large.
- Timing: Reach the broadest audience by hosting several sessions conveniently scheduled to cover the most people possible.
- Location (if in-person): Ensure the location is conveniently accessible and big enough to comfortably accommodate your expected audience.
- Platform (if virtual): Choose a platform that is easily accessible by your customers, user-friendly, and secure.
- Partner locally: Partner with your local chamber of commerce, an area civic organization, or an academic institution to expand your community's reach or resources.
- Bring in the experts: If you’re not confident talking about cybersecurity yourself, bring in a cybersecurity expert or someone from a law enforcement agency (FBI, Secret Service, your local police department, etc.) to speak on your behalf. Choose speakers with experience in covering cybersecurity topics. Additionally, consider recording the session for those unable to attend and/or use it for content later.
Sharing a Strong Cybersecurity Culture
Getting out in front of your customers and talking about the importance of cybersecurity is a win/win/win:
- You are helping to create stronger customers who are more resistant to cyber attacks, which benefits both you and your customers.
- You show your customers they are more than just a number. You’re strengthening relationships and demonstrating care about their well-being.
- You have an opportunity to showcase new products, services, or features and boost the usage of current offerings.
Discussing cybersecurity with your customers allows you to highlight the measures your organization is taking to safeguard their information. In today’s market, with cybersecurity being a deciding factor for consumers when making choices, being transparent and forthcoming about your cybersecurity practices and culture can build customer trust and attract new clients.
How Can SBS Help?
Your commercial customers can be a significant area of risk, but how can you tell which ones should concern you the most? The CATRAC module in TRAC is built to give you quantitative risk assessments for each commercial customer while providing invaluable education about how they can better protect themselves going forward.