By Caity Hinton
Cybersecurity Awareness Month is here, and with it comes a new opportunity to partner with our institutions to increase security awareness not just during the month of October, but as a vital and engrained part of your organization. At Q2, we believe that a true defense in depth strategy incorporates people—especially employees—as well as processes and technology. Each of those facets individually may not be enough to stop an attack. But when all three are working together, compensating for each other’s weaknesses and overlapping on their strengths, we’re able to create a dynamic defense for community-focused financial institutions.
The people making up your organization simply can’t be expected to defend against attack that they aren’t familiar with. A strong, current training and awareness program is the first step in creating a multilayered defense strategy for your institution. Whether that’s recognizing trending attack characteristics or learning how to strategically incorporate machine learning into your FI’s defense strategy, our team is excited to introduce our first set of training modules aimed at helping you create a culture of security awareness, year round.
This human element is often referred to as the weakest link in a cyberdefense strategy, due largely to the fact that humans are trusting by nature. Employees are very likely to click on a suspicious link or attachment, unknowingly introducing exposure points into an institution’s network.
This two-part series ensures that financial institutions are prepared for perhaps the most the difficult attacks to defend against: those aimed at people.
The first module outlines phishing and “SMiShing” (SMS phishing), examining the common vectors for attack, the consequences of falling victim to these scams and what employees should be looking for to spot phishing emails and text messages.
The second course examines the threat of pretext phone calls targeting a financial institution and its account holders and the threat of attackers’ onsite attempts to gain access to sensitive or restricted areas of a facility. We cover attack types and methods, potential impacts and best practices to ensure a proper defense.
This module will go behind the scenes to examine the threat money mules pose to FIs. More and more account holders are falling victim to this scheme, often unknowingly transferring fraudulent funds. We’ll define the problem, show how money mules are recruited, how and why account holders fall for it and how to detect potential money mule scenarios, including a series of case studies of fraud cases reported to Q2.
Account takeover fraud has caused more than $25 billion in lost funds for U.S. financial institutions in the past five years, according to research from Javelin. This module assesses how financial institutions can help account holders defend themselves and protect their money. Knowing the ins and outs of how these attacks are perpetrated is the first step in preventing them. We’ll review attack techniques, case studies and proven defense measures.
Q2 is at the forefront of the financial services industry in integrating data analytics and machine learning into our technology and services. The proprietary Risk & Fraud Analytics (RFA) engine is pioneering that integration, using machine learning and data analytics to detect transaction anomalies and stop fraudulent transactions in real time – before losses are realized. This session will take a deeper dive into the scoring mechanics behind RFA and explore best practice recommendations to help financial institutions make the most of this powerful tool.
The Q2 platform offers a robust suite of security features, however, they can only be at their most powerful when configured strategically. This module takes an in depth look at all of the security features available within the platform to make sure your institution is adopting the most cost-effective, risk-averse and proactive defense measures possible.
The course modules listed above are the first subset of courses turning Q2’s security thought leadership into actionable education materials that you can permeate throughout your organization. Our new security training offerings are the next way we can partner with our institutions to bolster defenses and help you protect the trust you’ve earned with your account holders.
*RFA is now known as Q2 Sentinel.