

Customer Cybersecurity Awareness – Creating a Culture of Security


Many organizations tend to overlook the potential risks posed by their customers. Poor cybersecurity practices of customers can result in a compromise that affects your organization. A malicious attacker successfully accessing your customer’s information can set them up for a corporate account takeover (CATO) scenario. Customer compromise is tough to combat and can often lead to reputational and monetary damage to your business.

Sharing a strong culture of cybersecurity has benefits beyond mitigating cyber risks; it builds confidence amongst your employees and customers that you have made it a priority.

Develop a Training Plan

Your customers will benefit from a training plan that includes basic cybersecurity knowledge, best practices, and tips. To keep it simple, create a plan based on the same security awareness topics already shared internally, including:

  • Social engineering and phishing – A good start for a training plan is to teach customers about the various social engineering attacks, giving extra attention to phishing. Introduce the idea of The Golden Rule of Email, which is to treat every email like it is a phishing attempt. Additionally, provide information about the dangers of phishing emails, explain how to identify and handle a suspicious email, and suggest controls they can use to protect against this common threat.
  • Physical security – Educate customers about physical security threats and best practices.
  • Access controls, including passwords – Educate customers on the importance of strong authentication mechanisms. Stress the importance of length vs. complexity when it comes to passwords and encourage the implementation of multi-factor authentication (MFA) whenever possible.
  • Remote access security – Educate customers on the importance of securing remote workers through the use of VPNs, wireless network best practices, quality anti-malware programs, etc.
  • Use of encryption – Educate customers on the importance of data encryption.
  • Mobile device security – Educate customers about security controls for mobile devices, including strong passwords, biometric authentication, encryption, anti-malware programs, and Wi-Fi connectivity.
  • Malware awareness – Educate customers about defending against malicious software.
  • Importance of anti-virus and firewalls – Stress the importance of firewalls and of programs that detect malicious software.
  • Security awareness – Stress the importance of ongoing security awareness training and staying up to date about modern attacks.
  • Incident response plans – Stress the importance of corporate customers building a plan to fail well (an incident response plan) if they are compromised.


Using multiple delivery channels to provide education can help ensure your customers see it throughout the year. Delivery channels can include:

  • Provide relevant cybersecurity tips, news stories, and alerts on your website.
  • Incorporate cybersecurity tips into your on-hold message when customers call your business or on physical statements or invoices.
  • Include a monthly tip in your newsletter or social media accounts to keep cybersecurity top-of-mind.
  • Encourage your customers and employees to follow your organization or other cybersecurity organizations on social media.
  • Place posters, articles, or other educational materials in the entryway, break room, bathroom, or other meeting areas.
  • Provide cybersecurity resources, control suggestions, or self-audits during account opening.
  • Host an event, such as:
    • For business customers: Plan a lunch and learn event focusing on the latest cybersecurity tips and trends.
    • For the community: Host a cybersecurity awareness day for community members to shred sensitive documents, listen to short presentations, and play cyber-themed games or trivia.
    • For your board: Have a guest speaker discuss the trends they are witnessing and the associated risks to generate increased buy-in.

Whether you choose to talk with your customers about cybersecurity virtually or in-person, here are some additional considerations to keep in mind:

  • Invite the community: Not only should you include your existing customers, but you should consider expanding your audience to the community at large.
  • Timing: Reach the broadest audience by hosting several sessions conveniently scheduled to cover the most people possible.
  • Location (if in-person): Ensure the location is conveniently accessible and big enough to comfortably host your expected audience.
  • Platform (if virtual): Choose a platform that is easily accessible by your customers, user-friendly, and secure.
  • Partner locally: Pair up with your local chamber of commerce, an area civic organization, or an academic institution to add community reach or resources.
  • Bring in the experts: If you’re not confident talking about cybersecurity yourself, bring in a cybersecurity expert or someone from a law enforcement agency (FBI, Secret Service, your local police department, etc.) to speak on your behalf. Choose speakers with experience in covering cybersecurity topics. Additionally, consider recording the session for those unable to attend and/or to use for content later.


Sharing a Strong Cybersecurity Culture

Getting out in front of your customers and talking about the importance of cybersecurity is a win/win/win:

  1. You are helping to create stronger customers that are more resistant to cyber attacks, benefiting both you and your customers.
  2. You show your customers they are more than just a number. You’re strengthening relationships and demonstrating care about their well-being.
  3. You have an opportunity to showcase new products, services, or features and boost the usage of current offerings.


Discussing cybersecurity with your customers allows you to highlight the measures your organization is taking to safeguard their information. In today’s market, with cybersecurity being a deciding factor for consumers when making choices, being transparent and forthcoming about your cybersecurity practices and culture can build customer trust and attract new clients.

SBS aims to simplify the process of educating your customers, board, and community about cyber safety throughout the year. The Security Awareness Toolkit provides a comprehensive range of grab-and-go resources, including cyber tips, social media posts with graphics, event ideas, and more. This toolkit makes it easy to demonstrate your dedication to sharing a strong cybersecurity culture.


Written by: Eric Chase, Client Services Information Security Consultant
SBS CyberSecurity


SBS Resources: 
SBS CyberSecurity has been helping organizations identify and understand cybersecurity risks to make more informed business decisions since 2004. If your organization is looking to better understand your cyber risk; build, maintain, or test your cybersecurity program; and make smarter, more informed cybersecurity business decisions, SBS can help.

  • Security Awareness Training: It is SBS’ ultimate goal to best suit the needs of your organization and your customers when it comes to Security Awareness Training. We can host live webinars, provide recorded webinars, and conduct onsite training; it is solely up to you to determine what works best. 
  • Education: SBS is a leading provider of cybersecurity education. We are uniquely dedicated to delivering quality, industry-specific education to financial institutions to empower our clients to take security into their own hands.

Hacker Hour webinars are a series of free webinars hosted by SBS CyberSecurity. Unlike paid webinars, Hacker Hours aim to meet on a monthly basis to discuss cybersecurity issues and trends in an open format. Attendees are encouraged to join the conversation and get their questions answered. SBS will also offer products and services to help financial institutions with these specific issues.

Posted: Friday, August 25, 2023
Categories: Blog