
Setup a Right Culture for Better Banking Security


Scott Blake, SVP & CIO, Bangor Savings Bank
There are no shortcuts in information security—no magic product that will secure the bank against the bad guys. Most of us look at security as a combination of products and compliance. We have all bought firewalls, anti-malware software, email security devices, multi-factor authentication, patch management tools, vulnerability assessment scanners, and more. We also have our annual audits, examinations, penetration tests, and so forth. Maybe, if we are advanced, we have a security awareness program, conduct phishing tests, or have installed network access control systems. Perhaps some even go as far as red-teaming, either with an in-house group or as an annual exercise. If we have all these tools and submit to all these tests, most of us probably feel good about our security.
It is really a lot like how many of our banks do customer service. We participate in non-profits in our communities, we make various donations, and we encourage our associates to smile at our customers. Many of us buy customer relationship management (CRM) software and invest in our telephony technologies. A few of us are experimenting with various online customer contact solutions, like video chat or interactive teller machines. We probably do some measurement of customer satisfaction. Minimally, we survey from time to time and the sophisticated have a mature customer feedback program. As long as our customer base grows (or at least is not shrinking), we probably feel good about our investments.
However, unless you are at one of the top five banks for customer service, your company is not quite doing the best it can. What separates the top performers in customer service is the same thing that sets companies apart in information security: culture.
Culture has many meanings. In this case, I am working with “the attitudes and behavior characteristic of a particular social group.” The group here is your bank. Every social group in human history has a culture. People cannot resist watching what happens around them and seeking to be part of the group (or actively rejecting the group, which is just a variation of the theme). Most often, the culture of a group is a reflection of the attitudes and behaviors of the leaders of the group. For us, that generally means the bank executives, but there are often other influencers throughout an organization who are also significant in the bank’s culture. Outstanding customer service, like superior information security, begins with the tone at the top.
Top performers have figured out that to be extraordinary at something you have to incorporate it into your culture. Bank associates who are more concerned with whether or not they have a job or the direction their bank is heading cannot possibly create delighted customers. IT staff that are just trying to keep their systems running or buried under unending projects also cannot be expected to keep their systems secure.
As CIOs, we may not be able to set the bank’s tone at the top (though we should be influencers), but we can set the tone in our own departments. Our attitudes and behaviors set the tone for our staffs and help define the IT and security culture for our banks. How many of us look at audits as an imposition that takes time away from our “real work” instead of an opportunity to see if the stories we tell ourselves are true? On our server teams, do our engineers look at the security configuration of their servers as a hurdle they have to overcome to deliver business services, or do they see security as an enabler—the means to deliver not just function, but also trust and confidence? How many of us have looked through our users’ eyes at how they experience user access reviews, to find a better route to stronger controls that also ensures everyone has the access they need?
As leaders, the choices we make, the attitudes we project, and the behaviors we portray speak volumes about the expectations of those around us. Leaders who disdain compliance have followers who do only the bare minimum to comply. If we are always chasing the shiny, new application or industry fad, our people will neglect the bread-and-butter activities of maintaining systems. Those basics are where we find a strong security posture. Solid patching practices, regular evaluation of vulnerabilities, current software and hardware, and attention to the details are the foundation of good information security. If we pay attention to these, we will create a culture that does the same.
