As international criminals and fraudsters have become more organized, well-funded and determined in their efforts to steal from and disrupt financial institutions, the banking regulators have focused on helping institutions improve their cybersecurity programs. A general overview of what institutions need to do to prevent or detect cyber-attacks includes:
- Assess cyber risks
- Monitor cyber threats
- Report cyber attacks
- Implement a cybersecurity plan
- Protect the institution’s customers
- Train all employees
Training employees is also part of the risk assessment tools from the FFIEC and NIST. For instance, the FFIEC’s Cybersecurity Maturity Assessment Process includes Domain 1: Cyber-Risk Management and Oversight, which states that “cyber-risk management and oversight addresses the board of directors’ (board’s) oversight and management’s development and implementation of an effective enterprise-wide cybersecurity program with comprehensive policies and procedures for establishing appropriate accountability and oversight”. A key part of cyber-risk management and oversight is “training and culture”, which includes the institution’s “employee training and customer awareness programs contributing to an organizational culture that emphasizes the mitigation of cybersecurity threats.” The NIST Cybersecurity Framework also includes protecting against cyber threats through cyber awareness and training.
Cyber-threat training and awareness programs should be structured to change the behavior of some employees. For instance, employees may click on malicious email links without evaluating the risk embedded in the link. Awareness training should reinforce how to avoid clicking on malicious links and the procedures for reporting the fraudulent email.
To assist bankers with the training and awareness component of their cybersecurity risk management program, this important webinar will focus on methods for developing and administering an in-house cybersecurity training and awareness program. Although there are third-party vendors that can assist with this type of program, it is the responsibility of management and the board to have an effective in-house training and awareness program in place.
Please join Gary Deutsch, CPA, MBA, as he discusses how bankers can develop an effective cyber-risk training and awareness program to comply with regulatory cybersecurity guidance.
WHAT YOU’LL LEARN
In this informative webinar, we will cover:
- Creating an overview of cyber risks that impact employee behavior including social engineering, phishing, mobile code, hoaxes, and password security
- Methods to communicate the importance of information systems security
- Types of threats to include in your training program
- How to train employees to avoid malicious code
- Developing user roles and responsibilities related to employee behavior towards cyber risks
- Identification of where cybersecurity policies should be in place
- And MUCH MORE!
YOUR CONFERENCE LEADER
Your conference leader for “Cybersecurity Training: Security Awareness” is Gary Deutsch, founder and president of BRT Publications LLC. Mr. Deutsch is a licensed CPA in Maryland and has a B.A. in accounting and an MBA in finance from Loyola University Maryland. He has also achieved the Certified Management Accountant, Certified Internal Auditor and Certified Bank Auditor designations.
Mr. Deutsch has trained thousands of financial institution professionals in all aspects of risk management and has written numerous books in the U.S. and Europe on topics such as credit risk, internal audit and compliance with Generally Accepted Accounting Principles. Mr. Deutsch has extensive risk management and internal audit experience through his association with financial institutions of all sizes as well as through his role leading the KPMG financial institution consulting practice in the Mid-Atlantic region.