Our news cycle is exhausting. Our globally connected lives mean we get news from all over the world in almost real time. We get political spin from both directions constantly on our TVs, in our ears, and on our news feeds. We get news about disasters, natural and manmade, as they happen. We hear about tragedies as they unfold, as they are posted live to Facebook and Twitter. And many of us — most of us, I think — just check out. We tune it out, turn it all off. It’s just too much to take in.
So when it was announced a few weeks ago that a hacker accessed over one hundred million Capitol One customer account records — you heard about that one right? — you might have just brushed it off. Just another breach in a faraway place, and our brains cataloged it like we do when we hear about a volcano eruption in Indonesia or a revolution in Africa. After all, the 2019 Verizon Data Breach Investigations Report noted 927 separate incidents tied to the financial and insurance industries last year, almost three events per day. None of us can keep up with that number. How far away is that breach, though? I bet your customers have Capital One cards. Fraudulent charges on those cards could influence their financial situation and impact their checking account balances with you. Then there’s the other question: If Capital One got hacked, how safe is my institution?
The only way to know the answer to that question is to test. You’re probably already doing a vulnerability assessment against your network’s perimeter, which is a great way to identify possible points of entry, but you may also want to consider a penetration test, where an engineer actively attempts to break into your network. Your employees are the weakest link in your cybersecurity defenses, so make sure you’re testing them with social engineering tests. Email phishing is a great way to test many employees at once, and physical penetration testing is a great way to make sure your branch staff are following the right procedures concerning visitors to their locations. With a layered approach to cybersecurity defense, you’re much better prepared for these threats, and you won’t have to worry about your institution being part of the news. Contact your Wipfli relationship executive or visit wipfli.com/fip-it to schedule these tests today.