The Impact of Cybersecurity on Your Digital Strategy
Available On Demand – 17 minutes
The need for banks and credit unions to have digital and mobile banking initiatives has gone from a nice to have to a must have – especially in the post COVID world. What do you need to consider when it comes to cybersecurity and building out your digital strategy?
Tune into CCG’s Webcast with host Scarlett Sieber and special guest, Viviana Campanaro from Jack Henry to discuss best practices and key areas financial institutions should focus on to ensure security both for yourself and for your customers in the digital era.
Subscribe to CCG Insights.
[restrict]
Scarlett Sieber Welcome back to CCG Catalyst’s Webcast series. We have a another installation of our great series for you today. This week, we’re going to be talking about the impact of cyber security on your digital strategy. There is so much happening as it relates to digital, the movement to digital and mobile. So we definitely want to hit on one of those key components that could impact that strategy, which is around cybersecurity. We have a guest this week and Viviana Campanero, who is the solutions engineer at Jack Henry and Associates. Viviana, thank you so much for being here.
Viviana Campanaro Thank you for having me.
Scarlett Sieber So as we think about this topic, you know, one of the things that we do a lot on this is CCG Webcast series is talk about the the move to mobile, the move to digital and how that is coming from a nice to have to a must have. And that’s certainly true now. So before we get started, let me give you some high level housekeeping rules. Again, I am Scarlett Sieber, Managing Director, Chief Strategy Innovation Officer here at CCG Catalyst. And you will see right below, Viviana and I, we have our pictures. That is our bios. You can click there. You’ll have Viviana’s entire background. You have to connect with her on LinkedIn. You have all of my social platforms. You can email me as well. If you need to contact us. Do that there to the right, you have that CCG logo. That is your go to resource for all things CCG. You have articles, blogs, you name it, our website, you can get a lot of information. To the left, there is that Q&A button. You use that at your disposal as well. We would love to hear from you. We’ve talked a lot about these topics and try to give you the most relevant content that we think you want to hear about, but there’s anything else you want to know, please use that. We will get back to you throughout the duration of the webcast. And if not, we will definitely get back to you by end of day and without anything else, let’s get going. So from someone like a Jack Henry, who has a lot of clients in the financial service space on the bank and credit union side, really what are rom your perspective Viviana, what are some key areas for banks to consider relative to their mobile and digital strategy?
Viviana Campanaro Well, there’s a lot out there and cyber security is top of mind in all of our customers in our travels. I’ve been with Jack Henry for the better part of four years. And throughout those four years, I’ve worked with hundreds of financial institutions coming to us with questions around cybersecurity, with concerns around cyber security. And obviously, you know, mobile and digital banking are what our customers, our members are asking for. So it’s the next generation of banking and the next generation. You know, we have millennials using our mobile banking platforms day in and day out. So it’s important to have that conversation with our customers. And cybersecurity being top of mind drives three major points that I would say continue to be the biggest threats that concern our customers. The first one being fraud. Obviously, there are many, many different versions, iterations and examples of fraud. And that impacts the mobile and digital banking platforms more pervasively we think now than your traditional robberies and holdups at your financial institutions in your brick and mortar building. So fraud in the form of obviously theft but more specifically, elderly abuse. We see a lot of examples of fraud in the form of elderly abuse because the elderly have very limited knowledge of technology and therefore rely on others to help them navigate the mobile banking environments in many cases. So it is a concern. Human trafficking is a big concern that we’re seeing now financial institutions being involved in. Unknowingly of course, because nobody enters into that knowingly. But that is a form of fraud that is a form of cyber security top of mind for financial institutions. Along those lines, the second biggest concern is social engineering and phishing. Everybody talks about it. Every single conversation we have invariably touches on phishing. So it’s important to understand the different vectors, as we call it, in the IT world of phishing and social engineering that impact mobile and digital banking. And there are countless examples out there. And the third point, and then, you know, fraud and phishing lead to that is the lack of security awareness in our consumer environment. So those are topics that are always in the conversation. And one point or another. So how do we educate our consumers, our members or our customers to use our technology appropriately and responsibly? What are some things that we as financial institutions can do to enable that technology securely for our customer?
Scarlett Sieber Yeah, I’m curious, given the new reality that we live in in 2020 and the serious move in all of our lives to this this virtual world, have you from the kind of Jack Henry perspective or more broadly seen an increase in some of these things that you mentioned? Because I certainly have seen a lot of news headlines around people, you know, froths are trying to take advantage of the fact that people who maybe had never used online mobile banking before are now testing and that. And so really trying to to use that to their advantage. Have you seen that from your side an uptick since this new this new virtual world we live in post COVID?
Viviana Campanaro Most certainly. And in fact, it will be the topic of one of our own upcoming events in cyber security. The pervasiveness of the threats and phishing scams and attacks and cyber security tricks and tips. They’re out there, you know, targeting mobile banking and digital banking, but also just the situation that we’re in. Everybody is going virtual. Everybody’s gone to work from home. A lot of homes don’t have the sophistication and technologies to secure a lot of those transmissions. So there are a lot more and more cases of individuals falling victim to these scams because we’re dependent on a lot of information on social media now that we’re just basically ensconced in our own private environments. So there are a lot of opportunities out there. We have seen an increase in VPN technology sales, for example, and security awareness training believe it or not, to educate all of those individuals, not just the consumers, but the employees of the financial institutions, are now working from home to secure their environments and use this technology responsibly. So for sure, an uptick in cyber security.
Scarlett Sieber That makes that makes a lot of sense, and I suppose it’s encouraging to hear that there is the proactive response from a lot of these players to make sure that they’re on top of this. So when you think about kind of cybersecurity at the broader perspective, where do you see the biggest opportunities now directly relating it to mobile and digital banking? Where can we really spend our time and effort it as bank executives? Where what should our bank executives and credit union executives be thinking about when they think of opportunities for cybersecurity moving forward?
Viviana Campanaro Yeah, absolutely. Well, obviously, the biggest opportunity for mobile and digital banking is greater coverage, right, for your customers, better quality of service and the availability of services when they need them at their fingertips. With that comes a slew of other things to consider. The first of which would be the threats. What are the threats that come with offering a mobile banking solution to your customers? And, you know, there are a lot of sophisticated threats out there involving your payment systems. You know, we talked about phishing. We talked about, you know, the fraud aspect of it, money mules. You know, there are a lot of organized crime organizations that use mobile banking because it’s you know, it’s available on your cell phone. So, you know, burner phones with mobile apps is not an unknown thing. So it’s understanding the threats that come with a mobile or digital banking technology solution that you’re implementing and offering to your audiences is important. You need to understand what those threats are for your particular deployment and how you can minimize the impact of these things. Understanding that the threat is never really going away. So it is important to understand the complexity of the environment that you’re introducing this technology solution and how you’re navigating that environment and you need to have expertise in-house. So the biggest opportunity here is, is not to just understand the threats, but have the expertise at hand to deploy these and maintain these appropriately.
Scarlett Sieber I think that’s a very good point. You know, as financial institutions we are in the risk mitigation business and you know we certainly have risk profiles that we use to assess a variety of opportunities as we look to kind of build and grow towards a future. So from your perspective, how does a mobile and digital first strategy kind of impact financial situations’ risk profile?
Viviana Campanaro Yeah. Absolutely. And, you know, having worked in risk management for the balance of my 25-year career, I feel the pain. I used to work in banks and risk management was one of those key initiatives that many shied away from, because we just want to be out there working with our customers. So who wants to think about risk? But it is there and you have to address it. So, you know, when it comes to mobile and digital strategies, you need to understand and I’m sure many of our constituents understand that e-banking activities will increase the complexity of your transactions and the quantity of your transactions. So right there, complexity and quantity is increasing your risk because there are more opportunities for things to go bump in the night. So your operational risk as we know it in the risk world is where e-banking activities get classified when you’re when you’re looking at a problem from an academic risk management perspective. So the operational risk management component of your risk profile is where you need to focus your attention. So risk arising from fraud. As we discussed, processing errors, you know, the system disruption, sometimes things happen and our systems may go down. Unanticipated events, you know, natural disasters, all of those things that impact your ability to deliver those products and services are things that must be included when you’re considering a mobile strategy and the impacts to your risk profile for sure.
Scarlett Sieber Yeah, and I think, you know, as as we said, kind of starting off with the world as it is now. I mean, we’ve definitely moved from this mobile and online strategy from a nice to have to a must have, because that’s what your customers and members are expecting. And so you have to respond to that and the more proactive you can be, the better. But to your point, when you’re putting together this strategy, you can’t just be reactive and not think about the larger implications of what could happen by doing this. So what should banks and credit unions do to enhance their mobile strategies within their risk profile? So a lot of them, especially small ones, have pretty defined risk profiles. What are some of the things that they can do to enhance their mobile and digital strategies within that?
Viviana Campanaro Absolutely, well, the first thing you need to know is what is your tolerance for risk in the banking operations? So operational risk tolerance becomes a term. And it is widely used in many of your travels. So ask around if you’re not familiar with that, but absolutely understanding your tolerance for risk in e-banking operations. That’s the first thing that you want to do. And as decision makers in financial institutions, you are in a position to establish that. So understand your risk tolerance is driven by a couple of factors. Number one, you understand, you need to know your customers. What are your customers? What are your members needs? You know, what are you trying to deliver to them? And then, you know, the second most important thing is, is know the features and functionalities and also the limitations of your current system. So what technologies are you offering to your customers and your members within that risk tolerance? And then what are some limitations that that system has or could have? And how would that impact the, you know, the tolerance for risk? Would that increase your risk? Would that reduced the risk? Are there security implications that could reduce the risk further while still allowing you to offer that? And include all of that in your decision making process. Obviously, there are some practical tactics that you can include here like multi-factor authentication. So once you’ve determined that your risk tolerance is enough to accept your mobile banking strategy and you have a solution in place, make sure that multi-factor authentication is in there. That’s very important. And it’s usually the topic of audit conversations. And, you know, given the limitations in some of our customers’ resources, the size and complexity of financial institutions, especially in the community, financial institutions, space, it is appropriate to work with third party experts to consider the expertise of a trusted advisor when you’re considering a mobile strategy or when you’re considering enhancing your mobile strategy, giving your risk profile and tolerance. So those are the key topics that we cover a lot and a lot of the questions that we see in our travels.
Scarlett Sieber I think that that’s very helpful. And that was actually the next thing I was going to say because you talked about, which is true, is having the expertise in house and how much that can help with mitigating a lot of that risk. But for some of these smaller players, they can’t have the level that they necessarily need. And so using external parties who are experts is certainly a very important point to make. And we’re running out of time here. Any other piece of advice with your years and years of expertise and risk management that you would want our bank and credit union executives to know?
Viviana Campanaro You know, at the end of the day, it’s about awareness and communication. So, you know the more communication you can share and the more transparent that communication and honest communication can be, the farther you can get with not just the strategy, but pretty much every strategy under the book.
Scarlett Sieber Love it. We talk a lot about open communication and transparency as part of this series so that ties in nicely to some of our other topics. All right. Well, thank you so much for being on. I really appreciate you taking the time to discuss this with us. For all of you that are watching live and we’re watching later on demand, thank you for taking these 15 minutes to learn more about the impact of cyber security on your digital and mobile strategy. We will see you again next week for another great topic. If we did not get to your question, we tried to answer throughout the conversation, if we did not get to it, we will get to it at the end of day. Please use those resources at the bottom of the screen that are there for you. If there are any other thoughts that you have, maybe not even questions about other things that you want us to cover as relates to this topic, let us know. We would love to do so. Thank you again. And from the whole CCG Catalyst team, we appreciate it. Enjoy the rest of your day.
[/restrict]
Business Continuity: Unlocking Digital Commercial Banking Capabilities
Financial Brand Article: Over the COVID Horizon, Mobile Banking Demands Strategic Clarity
Digital Dreams – Expanding Commercial Banking Capabilities
The Digital Ultimatum – A Catalyst for Change
Financial Brand Article: Is It Finally Time for Open Banking’s Debut in America?
Chief Strategy & Innovation Officer Scarlett Sieber is one of the world’s premier voices in financial services. She is among the industry’s most sought-after speakers as a thought leader and innovator with expertise in driving organizational change at both startups and enterprises across the financial services and fintech ecosystem. Scarlett has been invited to speak at over 100 prestigious financial services and technology conferences globally, including Money20/20, Finovate, South Summit, and NASA’s Cross Industry Innovation Summit.
Scarlett’s experience includes founding her own startup as well as working at banks such as BBVA, USAA, and Opus Bank. She is a leading fintech influencer, included on lists such as Top 100 Women in Fintech 2019 and Top 10 Fintech Influencers in the U.S. Scarlett also has deep experience in digital strategy and innovation implementation, making her a key asset to building cutting-edge programs for our clients.
Solutions Engineer at Jack Henry & Associates, Viviana Campanaro provides subject matter expertise and sales support for Gladiator’s Managed Security and IT Regulatory Compliance/Policy Products. A Certified Information Systems Security Professional (CISSP), she is responsible for bringing education on security and regulatory compliance-oriented products and services to financial institutions throughout the nation. With 20 years of experience in information security and the financial services industry, Viviana has extensive knowledge of IT security and regulatory compliance. She has delivered information security awareness and training to audiences ranging from banking employees and technicians to management and boards of directors. She is a regular presenter at the annual Jack Henry and Symitar Education Conferences and has published articles, webinars and blogs on cybersecurity topics.
