-
Comerica has settled its Experi-Metal hacking case out of court, despite an earlier vow that it would appeal. It's a sign of how new security guidelines are starting to affect banks.
August 3
Can "Stop.Think.Connect" become the new "Stop, Drop and Roll"?
The National Cyber Security Alliance, a public-private partnership on cyber security, hopes its new online-banking safety slogan can achieve the same success as the likes of "Only YOU Can Prevent Forest Fires" and "Friends Don't Let Friends Drive Drunk."
Those campaigns famously helped promote fire safety and curb drunk driving, and a campaign of the same magnitude is necessary to educate online banking users, the group says.
"We don't have in cyber security what we do in other social issues, like communicable diseases and fire safety," says Michael Kaiser, executive director of NCSA. "These are societal issues that impact everyone."
On Monday, NCSA released the results of a small-business survey that shows small-business owners are woefully unprepared for cyber attacks, though they are increasingly the victims of such attacks.
NCSA works with the Department of Homeland Security and the Anti-Phishing Working Group and companies like Microsoft Corp., McAfee Inc. and Symantec Corp. It also works with a number or financial services companies including Bank of America Corp., PayPal Inc. and Visa Inc.
Bank of America, which sits on NCSA's board, says a strong public education program is necessary to reduce fraud.
"The general public is not aware of the threat out there against them, and small business is yet another area where we are starting to build a different and more in-depth view [of security]," says Keith Gordon, a senior vice president for online and mobile channels at Bank of America. He is also a security identity and fraud executive.
To get the word out, Bank of America will work with the U.S. Chamber of Commerce, a trade group, to disseminate information to small-business owners about online security, including basics like the importance of updating anti-virus protection and dedicating one secure computer to online banking use.
Like a lot of top banks, Bank of America also uses parts of its website to educate consumers and small-business owners about security.
"The question for small-business owners is, 'How do I protect my identity and personal information?' and the role of the bank is to provide as much education and training around this topic as they possibly can," Jacob Jegher, a senior analyst with the research firm Celent, says.
Part of the problem for small-business owners is that security protocols are often unclear. Some small businesses use online banking products that are simply rebranded versions of consumer banking. Others use more complicated tools.
Mandatory security education should be a component of whichever product the business owner uses, Jegher says.
A September study, conducted by Zogby International for NCSA and Symantec, shows a stunning lack of awareness around security issues.
Some 40% of small-business owners said they do not have a contingency plan for dealing with an attack that results in the loss of credit-card information, employee or customer identification, or theft of intellectual property. Nearly 50% lack even an informal security policy.
"There is a collective vulnerability that is kind of scary," Kaiser says.
The average loss due to cybercrime is close to $200,000 for small-business owners, according to the survey, and more than half close up six months after a cyber-attack.
The banking and small-business worlds must also stop treating each other as adversaries, experts say. That adversarial relationship has been increasingly evident in the past year as important online banking breach cases have been litigated, sometimes placing the blame on the small business and
"We want to defend our community together and the mentality should be 'Us against the bad guys,' with recognition that if someone has been negligent, they are negligent," Kaiser says.
NCSA offers its "Stop.Think.Connect" slogan and logo to banks and other organizations free of charge. But is it catchy enough?
"Stop.Think.Connect is not that memorable," despite its resemblance to the successful "Stop, Drop and Roll," says Julie Conroy McNelley, a senior risk and fraud analyst at Aite Group LLC.
For a slogan to succeed, "it has to be the kind of language that speaks to everyone," McNelley says.
