I've interviewed many CISOs who have shared a sentiment like this: the cyber habits employees develop at home follow them to the office.
So the more personal you can make security, the better off your employees and your network will be.
Could the same be true if you educate customers about cybersecurity?
Bank of America surprised me last night when I was logging off by asking me if I wanted to learn about ways to keep my information, my computer, and my smartphone safe.
Come to think of it, yes, I would. Thanks for asking.
Here was the message that appeared on my screen, giving me the option to review B of A's Fraud Checklist:
Of course, I feel like I personally have a pretty good handle on protecting these things myself because I've benefited from the collective knowledge of information security leaders at our regional cybersecurity conferences and at our web conferences.
But I was curious what sorts of things the list included, for someone just trying to pay a bill and not thinking about security.
So I viewed the checklist, which looked like this:
It goes over ways to protect your identity, as you see here.
And it listed some ideas on protecting your computer, including installing McAfee antivirus for 12 months at no cost, and the next 12 months at half the cost.
Imagine that, a bank helping me secure the endpoint that connects to their network. That actually makes sense!
The checklist also reminded me to install operating system updates and software updates frequently, since these days so many updates are upping security.
And the checklist suggested enabling two-factor authentication. I'm not sure if most people know what that is, but perhaps they do if they work in an office.
Lastly, the company offered a phishing reminder about clicking only on known links.
The Bank of America fraud checklist finishes with a resource for its customers:
"If you receive a suspicious call, text or email from someone claiming to be Bank of America, do not respond. Send it to abuse@bankofamerica.com. Our team reviews all submissions..."
In the race to make security personal, it makes sense to focus those efforts on your employees.
But helping secure your end users could make you more secure as well, while scoring points on behalf of your organization.
By the way, here is the Bank of America Fraud Checklist, in case you want to take a look.