Lessons learned the hard way
When I was ten years old, I delighted in riding my bike “no hands”. For those unfamiliar with this edgy riding method, “no hands” means riding without hands on the handlebars. No hands riding requires three things: skill, uncanny balance, and questionable common sense. One glorious fall day I was proudly rocking my mad no-hands skills while riding home from school. The sun was shining, the air was mild, and the breeze blew through my blond locks unimpeded by the constraints of a helmet.
I have no memory of what happened next.
What I do remember is waking up on the pavement with a splitting headache, tangled in my bike, blood in my eyes and tears streaming down my cheeks. My skills had failed, and I’d crashed violently to the concrete sidewalk. I somehow made it a wobbly two miles home in time to vomit on the floor as I stumbled through the door. The crash left me with a full-blown concussion.
What does this story have to do with your member’s online banking security? It’s obvious, really: learning participation and feedback loops. Learning happens much faster through participation coupled with instant feedback. They are learning’s key ingredients. A child riding no hands learns the lack of wisdom after a serious crash.
Balancing cybersecurity convenience with self-discipline
Yet in the world of cybersecurity, user participation is diminishing, and feedback loops are often too long to matter. Or they’re altogether non-existent. Users are not getting better at participating in their cybersecurity posture because technologists keep streamlining processes and taking the user out of the experience all in the name of convenience.
IT departments patch without user prompts or interruption; anti-virus software updates transparently in the background, and we trust that the PC firewall will just “set itself.” Social media users assume the software will protect them and take no steps to secure their accounts or rotate their passwords, even when these companies abuse trust by doing things like storing passwords in plain text. The outcome of all this cyber automation and convenience is that we are removing the ability of users to participate in “good cyber hygiene” learning experiences. Credit unions do the same thing with online banking. They use canned configurations and don’t let members participate in their online virtual branch configuration experiences.
To provide feedback to members, CU*Answers offers Personal Internet Branch, a site that allows members to fully customize security configurations for their online banking experience. With PIB, members can set limits on when their information can be accessed and from where. Devices can be registered, and multi-layer security controls enabled for transfers or bill payments. Yet only a few credit unions using CU*BASE allow their members to participate in and customize their security configurations. Some credit unions don’t even offer this important control.
Trust members to be stewards of their security by giving them the tools
Your members will never get engaged in their cybersecurity configurations unless you allow them to participate. Maintaining a “we know best” model prevents them from learning or taking an ownership stake in their configuration.
Your members want to get engaged. They are used to permission request prompts when installing new apps on their smartphones and tablets. Yet credit unions continue to miss this mark for mobile and online banking. Why doesn’t your mobile app ask the member when they want access enabled or if they want to limit its use to just that device? Do they want transfer or payment controls? Are your MSRs proficient with leading members through these options? If not, why are we surprised when cyber fraud occurs if we are holding back the very tools that can change this equation?
Get your members engaged by getting your team engaged. Start with the tools you already have and put a plan in motion to start educating your members of your cybersecurity tools and how they can participate, learn, and bank online with confidence in an ever changing world. You can teach your members good lessons about cybersecurity without having them suffer a serious accident. Safer members means your credit union is better protected as well.