Security & fraud highlight: Cyber fusion centers

TD's global approach to cybersecurity: Adding new layers of protection. With moderator David Heun, Associate Editor of Technology at American Banker and panelist Claudette McGowan, Global Executive Officer of Protect Fusion and Cyber Experience at TD Bank.

Transcription:

00:00:21:02 - 00:00:56:26
David Heun

Hello. I'm David Heun, an associate editor for the technology team at American Banker. And I welcome you to the Safe Room session. And we're going to talk about global cyber cyber security from the standpoint of TD Bank. I'm happy to welcome Claudette McGowan, global executive officer at TD Bank, for this one on one session, where she'll give us plenty of insight into the banks of global approach to cybersecurity and the ongoing issue of making sure all the networks are safe and that all the customers are safe, all that all those things that banks are really good at but have to stay on top of during the course of time.


00:00:57:10 - 00:01:27:18
David Heun

So welcome to the program. And I wanted to just start with you, because with the pandemic kind of overriding everything we've done for the last year and a half, I was just curious from your standpoint with TD Bank, if you you know what your approach was during the pandemic to kind of keep your customers and colleagues safe with the cybersecurity support and also whether the bank itself was kind of ready for this.


00:01:27:18 - 00:01:45:12
David Heun

And then it happened and the customers came. Or if there were some things you had to do to kind of get feedback from your customers as to what they were looking for now that they were kind of homebound and having to contact your digital and things like that. So just kind of an overview of how things played out for you guys.


00:01:46:09 - 00:02:06:15
Claudette McGowan

Now, thanks very much, Dave, for having me. Thrilled to be here today. Really is. You know, it's a great question. You know what? No one was expecting the pandemic. I think everybody had to to mobilize. But one of the things that we're really proud of is this Father-Son model that we adopt and we've been putting in place for some time now.


00:02:06:22 - 00:02:29:13
Claudette McGowan

And so essentially, we have people that work in Canada and the United States and Israel and Singapore, and we take this fusion approach to how we manage our threats So for us, it was, you know, really getting brilliant at the basics when it comes to, you know, understanding what COVID meant for our customers. What it meant for our colleagues and being always on was really critical.


00:02:29:20 - 00:02:54:24
Claudette McGowan

So, you know, did things have to change? Absolutely. You know, we were built to, you know, manage a certain number of the volume. And so so we made some improvements. We made some enhancements, whether it was adding additional capacity. But at the end of the day, what we did was really respond to the changing landscape in an agile way, which makes all the difference, being able to recognize things and pivot as quickly as possible.


00:02:55:14 - 00:03:23:15
David Heun

Very good. You know, I wanted to make sure I'm sure most people know the answer to this, but just to make sure, you know, the word cybersecurity means a lot of different things to a lot of different people. And I just want to make sure what we are talking about here are we talking about, you know, Nation-State cyber attacks organized crime waves of folks in their garage trying to come up with a new gimmick to get out the bank network or just a little bit of everything.



00:03:23:15 - 00:03:36:08
David Heun

You know, you talk about global cybersecurity thinking, well, they're not going to worry about the guy looking to steal somebody's $500 in a savings account or whatever. But you know, I suppose it has to include everything.


00:03:37:05 - 00:04:03:13
Claudette McGowan

Yeah, you're right. It's all of the above. Dave there's there's a script kiddy in the basement pulling some lines of code together, hoping to do something remarkable. And then you've got Nation-State actors as well that are quite interested. And then, of course, people who are motivated by money, cyber criminals who are, you know, looking to, you know, give you a COVID themed email and hope that you click because you want to get the vaccination as quickly as possible or you want to get some PPE.


00:04:03:19 - 00:04:15:22
Claudette McGowan

So we certainly saw some things change as a result, but as well stay the same. The phishing schemes are always there, just now, you know, the lure is a little different when it's tied to things like the global pandemic.


00:04:16:27 - 00:04:38:27
David Heun

As far as the trends go. I mean, there's the bank have a pretty good feel for a trend when right. Right away when they see some pattern to it, too, they kind of keep track of what they've seen. Maybe in some other banks or some communications with other banks to let you know what's going on. Is there a certain process involved in making sure you're on top of the trends?


00:04:38:27 - 00:04:48:22
David Heun

And then the other part of the question would be what are a couple of those trends? You kind of alluded to the pandemic factors, but is there anything else going on out there we should know about?


00:04:49:06 - 00:05:12:04
Claudette McGowan

Yeah, there's a lot going on. There's never a dull day for us in our business. So I have to tell you, when we were members of something called the Financial Services Information Sharing Organization, and so it's FCI stock. So all the major banks are a part of this. And we're not only collaborating with banks, but law enforcement and other agencies as well, other organizations that are in different industry.


00:05:12:04 - 00:05:32:27
Claudette McGowan

And we share information so that something could be happening halfway around the world. But we have a view to what impact could it have on us. And we call these things indicators of compromise. We look at things that happen elsewhere and kind of run them through our system. But if you ask like members of FSI faculty on what are the three big things I have to tell you that the number one thing right now is ransomware.


00:05:33:03 - 00:05:53:10
Claudette McGowan

And I don't know if you can go a week without seeing something in the newspaper or hearing something on the radio or, you know, a feed on one of your your your devices to know that ransomware is on the rise. Well, if you look at the period of February, 20, 20 to March, it was over 140% increase in ransomware attacks.


00:05:53:10 - 00:06:14:02
Claudette McGowan

So this is really, really serious, very significant. And I urge every organization to make sure they have the right things in place to make sure they can manage through these types of attempts. The second thing I would highlight is really supply chain attacks. So you have partners that you do business with you know, perhaps there will be some focus on those partners or your partners of partners.


00:06:14:02 - 00:06:38:06
Claudette McGowan

So understanding your third parties and your fourth parties are pivotal to your, you know, your your organization as well. And then the last thing that we've seen in news is attacks on critical infrastructure, whether it's a meatpacking plant or if it's a water system. These are all very significant things that are happening globally in the world. And we have to look at every single one of them, whether it's a grocery store or it's a university or it's a hospital.


00:06:38:11 - 00:06:49:29
Claudette McGowan

What happened what was the anatomy of the attack? How did it happen? And if it were to happen to any organization, do you have the right control systems, people, processes in place you know.


00:06:51:00 - 00:07:15:02
David Heun

In talking to you just this couple of minutes, you were talking about a lot of information and data that may be coming into the banks, IT teams or whoever's in charge of kind of monitoring how things are gone. And and I've talked to a vulnerability vulnerability management groups, and that seems to be kind of a concern about how much of the state is coming into the bank.


00:07:15:02 - 00:07:36:16
David Heun

So who's deciphering it and how do they prioritize the patch alerts and how they do it in a timely manner? Did you see that as an issue as well, that you can probably resolve maybe a little more common standards or something that would kind of streamline that? Because if you if you get a patch notice, they were saying it might not even apply to the bank.


00:07:36:16 - 00:07:44:11
David Heun

It could be about something else. You got to weed that one out and go to the next one. Are you seeing that kind of mountain of data coming in to kind of keep things safe?


00:07:45:02 - 00:08:05:04
Claudette McGowan

Yeah, everybody in technology knows that you've got Patch Tuesday where you get an update from Microsoft. You've got certain, you know, environments that, you know, you have these Zero-Day attacks or Zero-Day vulnerabilities. A company doesn't even know it exists. Somebody else may find it. You know, it's got to quickly come up with a patch. So zero days are on the rise as well.


00:08:05:04 - 00:08:18:12
Claudette McGowan

But to be quite honest with you, you have to look at those patches, you have to look at those updates, make it a priority to put them in the moment. You've tested them and know that they do what they're supposed to do. The second thing you have to do is you've got to make sure that you're looking at them.


00:08:18:18 - 00:08:38:17
Claudette McGowan

Are they high? Do they have major implication? If you don't have it done within a certain time frame, are they medium? Are they critical or are they low? So that kind of segmenting and making sure you understand what the patch can do and what your exposures are very powerful. So. The good news is, you know, when I started my career, it was a couple of people in the room trying to figure it out.


00:08:38:18 - 00:08:53:24
Claudette McGowan

You know, CSI the wall and you got all the pictures and you trying to figure things out on your own in this world. Now, we're using things like artificial intelligence and machine learning. So there's great tools and systems that help us feed in all this data and help us with that prioritization as well.


00:08:54:23 - 00:09:17:29
David Heun

You know, the customer of the bank plays a role in security, whether they know it or not. Sometimes they're good at it, sometimes they're not very good at it. But from that standpoint, I was just kind of curious, as to what, you know, what kind of a level do you put cyber literacy at? You know, getting conference for the customers and the colleagues, securing a safe environment at work and people working from home.


00:09:18:26 - 00:09:36:12
David Heun

There's got to be a lot involved in that. And then from the same standpoint, educating the customers as to what the stuff is. I mean, you see a new thing on your mobile banking app. It's a security is a security measure, but it's a new thing. And they may or may not take the time to figure out exactly how it works or what it does.


00:09:36:12 - 00:09:39:16
David Heun

But is it is that kind of an ongoing process as well?


00:09:40:01 - 00:10:01:04
Claudette McGowan

It is, Dave. And I have to say, cyber hygiene is pivotal for everybody. It doesn't matter if you've got a you know, a business or you've got you know, you're an individual, your regular everyday consumer. Cyber hygiene is important for every single one of us. And believe it or not, we can be the object of desire from one of those threat actors that we spoke about earlier.


00:10:01:10 - 00:10:20:16
Claudette McGowan

So it's absolutely essential that we educate ourselves and we do that in a way that is meaningful for each and every one of us. So we spend a lot of time with our our customers. We do things on social media channels but we also have things in play with webinars and things like that will help our our customers out.


00:10:20:16 - 00:10:37:29
Claudette McGowan

So we find ways to educate our customers and our colleagues internally. We have a podcast that we have over 60,000 people that listen to it on a regular basis, and that tells us that there's a thirst for learning. People want to know more about how to not only be connected, but to be protected as well.


00:10:38:24 - 00:11:04:11
David Heun

You know, but behind the scenes, there's got to be employees that know how to do this stuff or not develop the coding and the apps that are needed to kind of maybe troubleshoot the third party partners, all that, all those kinds of things have to happen. But can you kind of describe the work that TD does to develop cybersecurity talent and, you know, kind of enhance that literacy, especially if you're talking about a global thing?


00:11:05:14 - 00:11:26:03
David Heun

That in itself has to be kind of a tricky notion in terms of making sure every is on the same page. I also believe that the fact that, again, there's so much stuff changing and being updated and upgraded to make it better. That whole thing has to kind of take some time. But where do you find the people to do this kind of work?


00:11:26:04 - 00:11:40:21
David Heun

I mean, I've I've heard of some banks. They had big projects and they were worried that they wouldn't be able to find anybody who wanted to build something from scratch. They want to work somewhere where they you know, there's a big name and a big project already in place that they can add on to. But how does that work on your end?


00:11:41:07 - 00:12:04:09
Claudette McGowan

Yeah, I think we we take the approach that you buy talent and you build talent. So we have people internally that we, you know, put them through training programs, certification programs and really, you know, build that culture of continuous learning. But we also partner with universities and colleges and also do a lot of work with other agencies. Access for one is an agency that we are helping women in technology right now.


00:12:04:09 - 00:12:25:15
Claudette McGowan

There's only 24% of the people in technology are women. So we try to, you know, reach out to different communities and make sure that we're being you know, really thinking of really broad look at what is available, who's out there. And some people are looking for mid-career changes as well. So we certainly go to the universities and colleges but we also look for people who are looking to do mid-career pivots as well.


00:12:25:21 - 00:12:50:18
Claudette McGowan

And we have education programs. We're co-creating a program with a local university here in my market where I work out have and building these programs that are specific to roles. So the operations analyst who's looking at the screen and looking at those indicators of compromise and monitoring the system, the incident responders who actually now solve the problems and get to the meat of what's going on versus folks that work in our intelligence agency.


00:12:50:23 - 00:13:00:08
Claudette McGowan

So even within our organization, we've got a team focus on intelligence that's happening out in the world, providing us with the contextual view of what does this mean to us at TD Bank.


00:13:01:09 - 00:13:27:10
David Heun

You know, the more I think about your job, Claudette, I kind of think that the aspect of, you know, partnerships and bringing in third party providers and all of these things that they are all the agencies, you know, throw caution to the you know, you got to be really careful with this in the digital world. What's that like from your standpoint in terms of global partnerships?


00:13:27:11 - 00:13:33:26
David Heun

And does TD Bank rely on a fair number of third party apps and things like that as some of your networks?


00:13:34:22 - 00:13:51:18
Claudette McGowan

Yeah, I think everybody in the ecosystem has a degree of partnerships, and you always have to make sure that you're going through all the proper controls that you you know, your cultures are aligned, that you're the way you approach security is aligned. You know, there are some things that are pivotal to us that they're just you know, ticket to the to the game.


00:13:51:24 - 00:14:10:23
Claudette McGowan

You have to have certain things in place. You have to have the right controls around physical space, logical space, things like I'll give you an example encryption, making sure that data is encrypted at rest and also encrypted in transit. Those are some of the things that are really important to an organization like TD Bank. And then also making sure that you're training your people.


00:14:10:23 - 00:14:31:08
Claudette McGowan

So you ask me, how do we you know, we have 90,000 people that work at TD Bank. We put them through training every year on cyber security, and there's a test and there's a target. And then you want to make sure that you're testing for an understanding. I have a team that does phishing simulation, so maybe you got 80% of the test data and we think, Wow, you're phenomenal.


00:14:31:14 - 00:14:52:20
Claudette McGowan

Well, then we do a simulation. Then we say, Is Dave going to click on the link that he's not supposed to click on the link that he said in the training. He wasn't going to click on the link. And so we're testing the organization and always trying to, you know, build that muscle because it just takes a quick second to make a decision and not give you that extra you know, thought and then, you know, create exposure for the organization.


00:14:52:20 - 00:15:08:27
Claudette McGowan

So we really invest in people because at the end of the day, when you look at why cyber attacks occur, what the challenges are, in many cases it's human error. So we have to make sure that we're building that human firewall just as much as that technical firewall to you.


00:15:08:27 - 00:15:36:17
David Heun

And you would definitely want to double check on what I'm clicking on as a follow up in terms of your global situation. Again, in my mind, I'm thinking that, you know, when you talk about the different layers that TD Bank introduces to cyber security would that be or would that be a geographic thing? Would there be certain layers of security that are needed in other parts of the world that wouldn't be needed here?


00:15:36:17 - 00:15:49:28
David Heun

Or is it becoming a universal thing where because the crooks can attack from anywhere, the security has to be pretty much the same wherever, wherever you go? Is that kind of how it works or are there different things that come into the thought process there?


00:15:50:14 - 00:16:13:25
Claudette McGowan

Yeah, that we have strong standards and controls and it goes across our entire footprint. We want to make sure that we're doing everything to protect customer trusts, colleague trust, the trust of our people in our ecosystem and the companies in our ecosystem as well. So so there are some non-negotiables regardless of market, and it's all about protecting people, protecting privacy, protecting data and protecting trust.


00:16:13:25 - 00:16:34:10
Claudette McGowan

So, yes, 100%, it's not, hey, these get this group gets a little bit less than that group and we operate as one team. So the team in Singapore and Israel, United States and Canada, they all report to me. And what we do is we run it as one team. So there are shift turnover between the different markets. There's overlap and you know that collaboration is essential.


00:16:34:17 - 00:16:51:20
Claudette McGowan

It is essential if you ask me like the three things, I was called the ace model. You know, I've coined it ace, it's automation because that's going to give you the speed and agility. It's collaboration to those partnerships, internal and external and the last thing really is it it's about this. Our overall effectiveness and our ability to execute.



00:16:51:29 - 00:17:00:18
Claudette McGowan

We have to execute with precision when it comes to the space you know, the bad guys can be lucky one day. You know, we have to be brilliant every day.


00:17:02:04 - 00:17:35:28
David Heun

Yeah, that's that's an excellent way to put it because they're not going to stop. They're very good at what they do and in their 20 47 operation as well. So, you know, as far as that goes in looking ahead in the future, I would imagine that in your position you have these security employees reporting to you and then you go up the ladder to the executives of the bank and say, here's what we need or here's what I think's going to happen a few years from now, you know, the due diligence process.


00:17:36:05 - 00:18:04:06
David Heun

And I would always kind of view that as a difficult task because cybersecurity and fraud is changing on the dime. Almost all times since this session began, something new probably came up, you know, so what is what's to due diligence like? What's this ever evolving future of cyber cyber security look like to you for financial services and across other industries that the bank touches and has to to work with?


00:18:04:18 - 00:18:24:16
David Heun

And I think, you know, it was talked about earlier the supply chain fraud and all that kind of stuff. You know, who would have worried about that five years ago? So how do you do that? How do you explain it to your your your your bosses about what you need to do next and how you think this is going to be evolving over time?


00:18:25:01 - 00:18:47:28
Claudette McGowan

Thank you. Thanks for highlighting that. Everybody has a boss. You're quite right. I have a boss and my boss of the boss and ultimately, it's about the the safety and the security of the organization. And to be have that level of realism, what is actually going out there? What are the threats and educating? I talked about how we educate the 60,000 or the 90,000, but we also make sure that we're educating our boards.


00:18:48:14 - 00:19:08:18
Claudette McGowan

And our most senior leaders can tell you the top to me threat just like what I should with you. I know that my CEO, I know that my global group head can explain the same things to you. So making sure that from the front line to the top of the house, everybody understands that cyber risk is business risk and it's we have to be resilient.


00:19:08:18 - 00:19:38:16
Claudette McGowan

And so education is so pivotal to an organization. Having cyber security and cyber like from a cultural perspective, really getting everyone immersed in why this is critical, what the threat vectors are and contextualizing it. So you understand what does it mean to you in the tax department? In the legal department, in the call center, it's really important to some of our trainings actually targeted and and tailored to certain roles, like the role of the developer, for instance.


00:19:40:01 - 00:20:11:17
David Heun

What about it? What about across industries? You know, I would imagine when I think about a bank, I think about merchant clients and retail clients and some corporate business. And so, you know, investment banking or whatever it may be, there's there's different industries are engaged with this process now. And do you see any particular industry becoming more prevalent in the banks purview in terms of who you need to communicate with work with on this type of cybersecurity task?


00:20:12:14 - 00:20:20:26
David Heun

Any new industries you see developing that are going to be automatic targets for fraudsters, and you're going to have to play a game and helping them move along?


00:20:21:13 - 00:20:43:19
Claudette McGowan

Yeah, I really love the public and private partnership that we're seeing, and that continues even more so. But also across industry. You know, we recently heard from, you know, the aviation industry. What are you seeing? What are we seeing speaking to different governments globally and giving a perspective on, you know, what they're seeing as well. So cyber is not industry specific.


00:20:43:28 - 00:21:03:16
Claudette McGowan

This is something that, you know, if you have a small business with the rise of digital transformation, you know, everybody is trying to transform their business to be more digital and you have to build in security and protection from the very beginning. It can't be a bolt on. So so I'm working with industries, you know, wide and deep.


00:21:04:07 - 00:21:14:17
Claudette McGowan

So and we're learning from one another because that's that that's where the collaboration comes in is that you learn every time we go to one of these sessions, we learn something new. We spend time with students, we learn something new.


00:21:15:21 - 00:21:40:26
David Heun

You know, the they trust is don't blink an eye when they see the government make a movement, as any saw. We saw that with the CARES Act, the coronavirus relief and now the infrastructure bill has been signed. So there's going to be a lot of contractors and construction and supplies and numerous different tangents being performed to get all this work done.


00:21:41:08 - 00:21:56:11
David Heun

I would imagine the banks probably already discussing these types of things as to what what types of security layers will be needed in that world. Am I thinking too far ahead or is it reality that we have to face here pretty quick?


00:21:56:18 - 00:22:18:18
Claudette McGowan

It's the reality. And I have to say it started long before the pandemic. Just thinking about the multiple layers, whether it's data, whether there's networks, whether it's application, we look at everything in the entire stack. And then, of course, everybody who does the who interacts with it is really important to understanding the full ecosystem. You heard me talk earlier about third parties and fourth parties.


00:22:19:00 - 00:22:26:24
Claudette McGowan

It's essential, Dave, I have to tell you, you can't no one's going to win this war alone. It is going to be one through partnerships and collaboration.


00:22:27:13 - 00:22:51:21
David Heun

And one of the security vendors in the last sessions said he'll never be out of work. You know, so it's one of those things that you always know that it's going to be out there and somebody has have to address it and deal with it. With TD Bank, I would imagine that the branches and the interaction with people, all that stuff could become points of interaction.


00:22:51:21 - 00:23:08:24
David Heun

And the Fosters will look at those as potential security gaps too. They look at the third party apps that are in the websites, all that stuff. Does your team get down to that nuts and bolts or there specific IT teams in each bank or something like that for that?


00:23:09:06 - 00:23:37:12
Claudette McGowan

Yeah. Where the end to end protect organization for the bank. So we get involved with everything. So what you're describing is a mobile application or maybe there's a web application. We are involved with all of that. So Enterprise Protect is that protection layer for the bank across all environments, whether it's the capital markets, PD securities business, whether it's our, you know, branch banking, whether it's our call center, it truly is enterprise protect channel.


00:23:37:14 - 00:23:56:01
David Heun

How do you how do you locate or corral like a website spoofing? If somebody has a fake TD Bank site somewhere and I wouldn't imagine it wouldn't take long to figure out it was out there. But what happens? What's the process? You getting that kind of thing shut down yeah.


00:23:56:01 - 00:24:11:29
Claudette McGowan

There's a there's a technology called Web Beacons. So we actually have a a a beacon type technology that it's almost like a call home. If you see something that looks like like yours or it's been scraped, you have a the ability to get a clear view of where it is. And then we go through the process of taking it down.


00:24:11:29 - 00:24:17:06
Claudette McGowan

So that's something that, you know, most businesses are using today. So what technology?


00:24:17:13 - 00:24:20:12
David Heun

Yeah. Okay. So what it's like to call home.


00:24:20:12 - 00:24:21:01
Claudette McGowan

Exactly.



00:24:21:19 - 00:24:59:14
David Heun

That's pretty good. I'll have to follow up with you on that. In terms of the vast amount of information you deal with and have to decipher and share if you were going to be talking while you are talking, you are talking to an audience at the session today, what would you say would be a key takeaway for an individual or a group or a team if they were listening and they have to listen to this afternoon to us, what would you describe to them as the things that probably should stick in their mind when they walk away from the from this session and from the conference this week?


00:25:00:07 - 00:25:24:14
Claudette McGowan

Yes, the the few things I would say is one wherever possible, turn on multi-factor authentication. That's really critical. And a lot of times when people have a personal breach, it's because they didn't employ multifactor authentication. So think about your home, although the lock would be like the first level of authentication and then perhaps having, you know, a deadbolt or having, you know, a camera.


00:25:24:14 - 00:25:50:25
Claudette McGowan

But having multiple ways to kind of protect yourself is really important. Also understanding your exposures. So when you hear of a company that's been impacted or an organization and you think, oh my gosh, I'm so sorry to hear about that, for them, if you do business with them, you may have been impacted as well. So going to sites like breach alarm dot com and others will let you know if your email, your phone number, anything around your personal identity has been impacted.


00:25:50:25 - 00:26:17:24
Claudette McGowan

So you just understand your own personal safety, security and posture in general. And then also I'd say the last point is education. You cannot stop learning about this. And something I learned two weeks ago might be no longer valid and something new has come up today. So that constant feed. So whether you're getting news clips or you're listening to podcasts, but just education in general is really pivotal and you can't stop learning.


00:26:17:24 - 00:26:19:22
Claudette McGowan

We're always going to be learning in this space.



00:26:20:23 - 00:26:43:16
David Heun

Well, I think of that in terms of the bank customer, too. When I was I was and I ask you, when you were talking about the multi-factor authentication, there was a time when that first came out, especially for the online business that they were worried about the friction with the customer. And I've been writing about that for so many years now, and there's been a lot of thought put into that.



00:26:44:11 - 00:27:03:06
David Heun

But I don't know off the top of my head whether a customer still in this world of need of the need for security and all this stuff they worry about cybercrime. Will they still be turned off? I haven't asked the answer. A couple of questions each time I log in, that's something. Or is that being eased a little bit?



00:27:03:12 - 00:27:07:05
David Heun

And I know the banks have worked hard to kind of make that as frictionless as possible.



00:27:07:28 - 00:27:28:22
Claudette McGowan

Yeah, definitely. And we recently moved to a one time passcode technology that it does make it a much more ease of easy experience and more seamless experience. What I would say is that, you know, if you ever speak to somebody who's been impacted, like you talk about going to the left the boom is before something happened. Then things go boom, and then you talk to people on the right of the boom.



00:27:28:28 - 00:27:48:15
Claudette McGowan

They'll tell you, I wish I would have just turned on multifactor authentication. So I think we have to learn from people who've gone down that path before. These are simple things that you can do that could save you a whole lot of pain in the long run. So I'm a big advocate for it across all platforms because I think it's really pivotal for our personal cyber security.



00:27:49:06 - 00:28:08:12
David Heun

Is your team responsible for educating the customer, the bank customers too, or do you tell some other team that's, you know, what, these people need to learn how to use this feature? Because it's really important for my team. And so, you know, if you guys can explain this to the customer, that'd be helpful. So I have to think that's a monumental task as well.



00:28:08:12 - 00:28:17:22
David Heun

I mean, I get notifications on my phone all the time about a new upgrade of some some sort and I'll look at it and I'll think that looks like I've been good, but I never get around to where to use it.



00:28:18:12 - 00:28:18:27
Claudette McGowan

Yeah.



00:28:19:17 - 00:28:23:07
David Heun

That happened with my mobile banking app. I feel like I was missing something yeah.



00:28:23:17 - 00:28:51:24
Claudette McGowan

That's back to the partnership. So we'll work with teams internally who have the direct relationship with the customer. And as I said, we're also on social media channels and that's available to anybody in the world to see. We put out daily tips, reminders, you know, books to read, just to remind people that there's, there's, there's more exciting ways to learn about this space it's not all dry and it's just three or four changes in behavior because a lot of the times we know what to do, Dave, we're not doing it.



00:28:51:24 - 00:28:57:09
Claudette McGowan

So the behavioral change, we need to get people over that hump to actually make the changes and as quickly as possible.


00:28:57:18 - 00:29:16:10
David Heun

Right. Yeah, I definitely would agree with you on that. You know, call if you could give a shout out. We've got about a minute left here. If you give a shout out to somebody behind the scenes who doesn't get enough notoriety on the staff that you've been working with, and you're saying, if we didn't have these people, we'd be in trouble, who would that be able to be, the people doing the coding?



00:29:16:10 - 00:29:17:29
David Heun

Or is there just too many to think about?



00:29:18:21 - 00:29:38:20
Claudette McGowan

You know, it's interesting the people who do cryptography, you know, the the encoding of secrets, the the protecting the information as it travels, as it resides, you know, as it sits at rest. What I found in the past is that you'll ask people, do you have a backup? And they'll say, yeah, we have a backup. Have you tested the backup?



00:29:38:20 - 00:29:59:03
Claudette McGowan

Oh, have I tested it? You don't want to be testing those things in prime time. And things like encryption at rest are really important. So I want to give a shout out to folks that probably don't get it. Get a Mustang's is that people who actually work on encryption technologies, everyone's doing a wonderful job. But how often have you heard someone say shout out to the cryptographers?



00:29:59:18 - 00:30:17:03
David Heun

All right, well, that's why I brought the question up. I thought, you know, with all just talk about security, it's about time we mentioned the people who really do the nuts and bolts stuff. So why can't we accept the end of our time here? I really appreciate you taking the time to enlighten us about banks. We're all in this world security.



00:30:17:14 - 00:30:22:25
David Heun

And I wish you luck with your future endeavors and pass along our kudos to your team.



00:30:23:07 - 00:30:24:28
Claudette McGowan

Thank you so much, Dave. Okay.



00:30:25:22 - 00:30:25:27
David Heun

Bye.



00:30:26:10 - 00:30:26:28
Claudette McGowan

Bye.