Sony breach turns bank's focus to users

Maria Korolov | April 6, 2015
After the recent wave of high-profile breaches, New Jersey's Provident Bank decided to focus on the fundamentals, with a three-part strategy to educate new hires about security, train existing employees to be vigilant about phishing attacks, and increase the awareness of data security for everyone at the bank.

When New Jersey's Provident Bank was founded in 1839, Martin Van Buren was president. The First Opium War was getting going in China. And, in Boston, the American Statistical Association was just being founded.

Provident is the 11th oldest bank in the United States. It survived the Civil War, the Great Depression, the savings and loan crisis, the dot-com bust, and this century's global financial meltdown.

Last year, the bank celebrated its 175th anniversary, otherwise known as its dodransbicentennial.

Last year was also an opportunity for the bank to watch as one great institution after another suffered massive attacks from cybercriminals.

"Seeing these large companies fall victim to data breaches reinforced how much energy we wanted to spend on protection," said Nathan Horn-Mitchem, the bank's vice president and information security officer.

And banks in particular have a much higher burden of responsibility than retail companies, he added. And not just because the stakes are higher.

"When Target or Home Depot gets breached, customers get mad and stop shopping there for a while," he said. "If you're a Target person, you might go to Walmart for a while."

But giving up your favorite store requires sacrifice. There's usually a reason why people prefer one retailer over another, and those preferences are hard to change.

"So, eventually, you go back," he said.

That's not the case for banks.

"We have one shot at this," he said. "We have one shot to keep customer information safe."

The bank decided to focus on the fundamentals, with a three-part strategy to educate new hires about security, train existing employees to be vigilant about phishing attacks, and increase the awareness of data security for everyone at the bank.

On-boarding
In the past, onboarding new hires involved a quick introduction to information security.

After the latest high-profile breaches, that changed. Now, new employees get more than an hour of training about security.

But the training doesn't focus on the bank's data.

"We spend the majority of the time helping them understand how to protect their own name, their own social -- everything they need to protect their own personal life," he said.

They learn why they need unique, complex passwords and two-factor authentication.

The idea is to get employees developing good security habits at home, so that those habits follow them to the office.

Another benefit is that employees become more vigilant about security issues in general.

"I've had employees call me and inquire about a process the bank follows or suggest an improvement because they have moved into that security mindset," said Horn-Mitchem.

 
