Skip to content
Close
SEARCH
Contact Us
Contact Us
Advisory Services
Auditing
Cybersecurity Testing
Hardening & Readiness
TRAC-Logo
 

Compliance. Simplified.

Simplify cybersecurity risk management and tackle your cybersecurity challenges with ease. TRAC automates the tedious risk assessment process and produces customized results that align with regulations, best practices, and your strategic goals.

Learn More
Schedule a Live Demo
TRAC Modules
Other Products

Logo_Institute

Uniquely dedicated to delivering industry-leading, quality education that instills confidence and empowers you to take security into your own hands.

Certifications
Membership
Certifications for Managers
Certifications for Executives
Technical Certifications
Webinars
Speaking Engagements
Resources
Who We Are
Why Choose SBS?
Two people shaking hands in agreement.
Eric ChaseAugust 25, 20234 min read

Customer Cybersecurity Awareness - Creating a Culture of Security

Many organizations tend to overlook the potential risks posed by their customers. Poor cybersecurity practices of customers can result in a compromise that affects your organization. A malicious attacker successfully accessing your customer’s information can set them up for a corporate account takeover (CATO) scenario. Customer compromise is tough to combat and can often lead to reputational and monetary damage to your business.


Sharing a strong culture of cybersecurity has benefits beyond mitigating cyber risks; it builds confidence amongst your employees and customers that you have made it a priority.


Develop a Training Plan

Your customers will benefit from a training plan that includes basic cybersecurity knowledge, best practices, and tips. To keep it simple, create a plan based on the same security awareness topics already shared internally, including:

  • Social engineering and phishing – A good start for a training plan is to teach customers about the various social engineering attacks, giving extra attention to phishing. Introduce the idea of The Golden Rule of Email, which is to treat every email like it is a phishing attempt. Additionally, provide information about the dangers of phishing emails, explain how to identify and handle a suspicious email, and suggest controls they can use to protect against this common threat.
  • Physical security – Educate customers about physical security threats and best practices.
  • Access controls, including passwords – Educate customers on the importance of strong authentication mechanisms. Stress the importance of length vs. complexity when it comes to passwords and encourage the implementation of multi-factor authentication (MFA) whenever possible.
  • Remote access security – Educate customers on the importance of securing remote workers through the use of VPNs, wireless network best practices, quality anti-malware programs, etc.
  • Use of encryption – Educate customers on the importance of data encryption.
  • Mobile device security – Educate customers about security controls for mobile devices, including strong passwords, biometric authentication, encryption, anti-malware programs, and Wi-Fi connectivity.
  • Malware awareness – Educate customers about defending against malicious software.
  • Importance of anti-virus and firewalls – Stress the importance of firewalls and the use of malicious program detection programs.
  • Security awareness – Stress the importance of ongoing security awareness training and staying up to date about modern attacks.
  • Incident response plans – Stress the importance of corporate customers building a plan to fail well (an incident response plan) if they are compromised.

 

Using multiple delivery channels to provide education can help ensure your customers see it throughout the year. Delivery channels can include:

  • Provide relevant cybersecurity tips, news stories, and alerts on your website.
  • Incorporate cybersecurity tips into your on-hold message when customers call your business or on physical statements or invoices.
  • Include a monthly tip in your newsletter or social media accounts to keep cybersecurity top-of-mind.
  • Encourage your customers and employees to follow your organization or other cybersecurity organizations on social media.
  • Place posters, articles, or other educational materials in the entryway, break room, bathroom, or other meeting areas.
  • Provide cybersecurity resources, control suggestions, or self-audits during account opening.
  • Host an event, such as:
    • For business customers: Plan a lunch and learn event focusing on the latest cybersecurity tips and trends.
    • For the community: Host a cybersecurity awareness day for community members to shred sensitive documents, listen to short presentations, and play cyber-themed games or trivia.
    • For your board: Have a guest speaker discuss the trends they are witnessing, and the risks associated to generate increased buy-in.


Whether you choose to talk with your customers about cybersecurity virtually or in-person, here are some additional considerations to keep in mind:

  • Invite the community: Not only should you include your existing customers, but you should consider expanding your audience to the community at large.
  • Timing: Reach the broadest audience by hosting several sessions conveniently scheduled to cover the most people possible.
  • Location (if in-person): Ensure the location is conveniently accessible and big enough to comfortably host your expected audience.
  • Platform (if virtual): Choose a platform that is easily accessible by your customers, user-friendly, and secure.
  • Partner locally: Pair up with your local chamber of commerce, an area civic organization, or academic institution to add additional community reach or resources.
  • Bring in the experts: If you’re not confident talking about cybersecurity yourself, bring in a cybersecurity expert or someone from a law enforcement agency (FBI, Secret Service, your local police department, etc.) to speak on your behalf. Choose speakers with experience in covering cybersecurity topics. Additionally, consider recording the session for those unable to attend and/or to use for content later.

 

Sharing a Strong Cybersecurity Culture

Getting out in front of your customers and talking about the importance of cybersecurity is a win/win/win:

  1. You are helping to create stronger customers that are more resistant to cyber attacks, benefiting both you and your customers.
  2. You show your customers they are more than just a number. You’re strengthening relationships and demonstrating care about their well-being.
  3. You have an opportunity to showcase new products, services, or features and boost the usage of current offerings.

 

Discussing cybersecurity with your customers allows you to highlight the measures your organization is taking to safeguard their information. In today’s market, with cybersecurity being a deciding factor for consumers when making choices, being transparent and forthcoming about your cybersecurity practices and culture can build customer trust and attract new clients.


SBS aims to simplify the process of educating your customers, board, and community about cyber safety throughout the year. The Security Awareness Toolkit provides a comprehensive range of grab-and-go resources, including cyber tips, social media posts with graphics, event ideas, and more. This toolkit makes it easy to demonstrate your dedication to sharing a strong cybersecurity culture.
avatar

Eric Chase

Eric Chase is a Client Services Information Security Consultant at SBS CyberSecurity.

RELATED ARTICLES