1 FAQs on the Customer Security Awareness Program (CSAP) About the program: 1. How does this security awareness program differ from other programs on the market? 2. What does the Customer Security Awareness Program (CSAP) consist of? 3. What resources does the program offer? 4. What are the program s benefits? 5. How can the program help with cross-sales and new product adoption? 6. How long does it take to get started? 7. What is the length of a subscription? 8. Can we scale up during our contract? 9. For the self-service model do you provide training for my employees that will be working with it? 10. What is MySecurityAwareness.com? 11. What is the difference between the full-service and self-service programs? 12. Can I add my institution s branding to the resources? 13. In which formats are the resources offered? 14. How do you find your content? 15. How often are the resources updated? 16. What is an iframe? 17. Do you offer help with social media? 18. Do you offer a training program for bank employees? 19. How does the program track compliance efforts? 20. How does the program help me meet compliance obligations? 1. How does this program differ from other programs on the market? InfoSight s Customer Security Awareness Program is the most complete in the market place today. It is the only single-source solution available today. Other programs only offer certain pieces of the security awareness puzzle like articles, posters or flyers and sometimes training courses mostly directed at IT employees and not your clients. InfoSight s Customer Security Awareness Program offers a comprehensive library of resources including articles to post on your website, games, videos, presentations, posters, s, surveys and more. Additionally, our online training portal contains information security awareness training courses aimed at your higher-risk commercial customers. The portal allows you to track and report on commercial customer s progress, and includes your branding to make it yours. In 2012, InfoSight s Customer Security Awareness Program (CSAP) was recognized with an Innovative Solutions Awards by Bank News Media. 2. What does the Customer Security Awareness Program (CSAP) consist of? InfoSight s CSAP helps reduce the impact of today s cyber threats by equipping your customers with the knowledge needed to keep data and systems secure.
2 InfoSight s CSAP provides customer-ready content explaining the dangers of internet transactions, phishing, malware, ACH, wire fraud, cybercrime, social engineering tactics, and more. Financial institutions are able to use the content in a variety of ways including adding the content to their website, newsletters, statement stuffers, placing posters in branches, etc. Also included are special events for customers such as live webinars and in-branch security workshops. 3. What resources does the program offer? The program comes complete with a variety of ready-made and versatile toolkits so you are able to quickly implement an effective and compelling customer security awareness program: Dynamic website content Static website content Security Awareness Onsite Workshops Security Awareness Webinars Newsletters Quick Clip Videos campaign content Branch Collaterals and Posters Statement stuffers Surveys On-hold messaging Tools for your customers Optional online training portal (LMS) for your high-risk customers 4. What are the program s benefits? Demonstrate to Regulators and Clients that you are meeting security awareness initiatives which are now mandatory. Create cross-sales and new-sales opportunities by conducting security workshops. Onboarding of new prospective relationships with larger commercial clients by selectively inviting prospects. Reduce liability and risk of litigation by offering free security education to your commercial client base. Instill confidence in your customers that doing business with your financial institution electronically is safe. Drive new product adoption such as mobile and/or Cash Management Services. Integrate with existing Social Media initiatives and/or assist in future efforts. Integrate with required employee security awareness training initiatives. Create new recurring revenue by selling products such as Cyber-Liability Insurance. 5. How can the program help with cross-sales and new product adoption? By conducting onsite security awareness workshops, business development bankers and lenders get an opportunity to network in a friendly setting with commercial clients to offer them a variety of services all in the name of compliance. Additionally, Newsletters, statement stuffers and other collaterals have areas where spotlighted products and services can be highlighted.
3 6. How long does it take to get started? Because the materials are immediately accessible and customer-ready, you can have your program up and running literally within a week, or as soon as you re ready to launch it. 7. What is the length of a subscription? The subscription is based on a three-year agreement. 8. Can we scale up during our contract? Our program is flexible, so if you should find you need more content, simply contact us to get access to additional materials. 9. For the self-service model, do you provide training for my employees that will be working with it? Even though the self-service portal is user-friendly and intuitive, we ensure you know how to use it by walking you through the portal during a training session. And, we re always available to answer questions should you need additional assistance. 10. What is MySecurityAwareness.com? MySecurityAwareness.com is an online portal which provides fresh and dynamic security awareness content to financial institutions and their customers. The website offers an ever-growing and regularly-updated array of articles, videos, games, and downloadable security tools with separate sections for your commercial and retail customers. Subscribers are able to link to MySecurityAwareness.com or they can embed it within their website so their customers never have to leave their site. The articles, videos, games, and tools available on MySecurityAwareness.com are useful in mitigating the dangers of internet transactions, phishing, malware, ACH, wire fraud, hacking for profit, social engineering tactics, and more; by educating users on how to avoid becoming a victim. 11. What is the difference between the full-service and self-service programs? With our self-service program you will enjoy significant cost savings. You have access to ready-to-go resources allowing you to administer the program any way or any time you like. If you don t have the time or resources to administer the program yourself, our full-service program provides you with a single point of contact who will implement it for you. We ll work under your direction to tailor, customize, and personalize the materials for your brand, and ensure your program is administered satisfactorily throughout the year. A self-service subscription is always included at no additional cost with any full-service program. 12. Can I add my institution s branding to the resources? Yes, all resources will include your institution s branding. Simply add your logo, color scheme and contact information to the materials. We ve even left room in the newsletters for you to promote your institution s products and services or special events. 13. In which formats are the resources offered? The resources are offered in a variety of media formats, depending on its intended usage. For example, information security articles are available in MS Word, newsletters are created in MS
4 Word and Adobe In-Design, posters are print-quality.pdf documents, workshops and webinars are developed in MS PowerPoint, and so forth. 14. How do you find your content? The majority of our content is created in house. In some cases, we link to outside content when it is readily available elsewhere and we credit the author. And, because there are so many free software tools available on the Internet (like free Anti-virus), we provide links to the tools we ve found to be useful and trustworthy. 15. How often are the resources updated? To remain current with the prevailing cyber threats, social engineering tactics and software tools, we update the program materials as needed. This practice allows us to deliver timely and leadingedge content for our customers. 16. What is an iframe? An iframe is an HTML document embedded inside another HTML document on a website and is used to insert content from one source into another Web page. We offer the option of embedding our website into yours so that your customers never have to leave your site to view our information security awareness content. 17. Do you offer help with social media? Yes, through our social media consulting service we will guide you through the maze of tools and strategies to help you build a strong, effective social community that delivers long-term value. We will develop a forward-looking plan of innovative usages for social media with a focus on areas of importance to you such as commercial lending, retail banking, consumer lending, wealth management/trust and financial services. Rest assured your social media plan will conform to regulatory requirements and security best practices. 18. Do you offer a training program for bank employees? Yes, we do! InfoSight s information security awareness training portal provides online, on-demand training, with the ability to track and report on each student s progress. The portal can be used for more than just training purposes: it can also double as your institution s intranet and documentsharing solution. Let us show you how it works by scheduling a quick demo. 19. How does the program track compliance efforts? If you opt to subscribe to InfoSight s online training courses to educate your high-risk customers, all the interactions between your customer and the portal are tracked and recorded so you can download a detailed report for all or just one of your customers. 20. How does the program help me meet compliance obligations? In January 2012, the FFIEC required financial institutions to provide information security awareness education for their consumer and commercial customers. InfoSight s Customer Security Awareness Program (CSAP) delivers an effective and quality program to educate your customers about phishing, malware, ACH and wire fraud, and more. The following table provides a side-by-side comparison between guidance requirements and our robust solution.
5 GUIDANCE REQUIREMENTS Implement a Customer Awareness Program & evaluate its effectiveness Track the number of Statement Stuffers or other direct mail communications Track the number of customers who report fraudulent attempts to obtain their authentication credentials Track the dollar amount of losses relating to identity theft, etc. Track the number of clicks on information security links on websites. Inform customers under what circumstances the institution may contact them on an unsolicited basis and request their banking credentials. Advise that commercial account holders perform risk assessments on their own environments. Make a list available of resources that customers can use to find alternative risk control methods to mitigate their own risk. INFOSIGHT S SOLUTIONS Can provide source content for Client Security Awareness Program to include: Workshops, Webinars, Newsletters, Social Media Campaigns, Print Collaterals and more. Can provide Client Information Security content for Statement Stuffers, Mailers, and more. Can provide online tracking of customers reporting attempts to obtain their credentials, if requested. Can provide an Annual Progress Report will evaluate your program s effectiveness, if applicable. Can track customers who download tools and/or click on security information and education links on website; analytics and/or landing page required. Can provide access to industry experts for ongoing advice, and to assist with Corporate Communications Can provide security and risk control tools for Commercial Clients. Can assist with the development of your institution s Information Security Web-page targeted at your commercial clients.
CYBERSECURITY A Resource Guide for BANK EXECUTIVES Executive Leadership of Cybersecurity CEO LETTER I am proud to present to you the CSBS Executive Leadership of Cybersecurity Resource Guide. The number
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
Things you need to know and do to operate safely online An initiative of the Australian Government that brings together existing resources, tools and websites to help small businesses understand and manage
Cyber Security Planning Guide The below entities collaborated in the creation of this guide. This does not constitute or imply an endorsement by the FCC of any commercial product, service or enterprise
At Loblaw Companies Limited, we respect your privacy and take great care in protecting your Personal Information. This policy demonstrates our commitment to your privacy. Read on to discover how your Personal
Advanced Techniques for Work Search Target your work search Develop your network Market yourself effectively Stand out in an interview Government Career Practitioners This workbook was developed to help
New York State Office of the State Comptroller Division of Local Government and School Accountability LOCAL GOVERNMENT MANAGEMENT GUIDE Information Technology Governance Thomas P. DiNapoli State Comptroller
ICC CYBER SECURITY GUIDE FOR BUSINESS ICC CYBER SECURITY GUIDE FOR BUSINESS Acknowledgements The ICC Cyber security guide for business was inspired by the Belgian Cyber security guide, an initiative of
Decision Point White Paper Notice and Access Decision Point: Planning for a Successful Proxy Process Under the New Rules Merrill s 2007 Notice and Access Series M E R R I L L C O R P O R A T I O N In the
How to Reach and Engage Human Resource Buyers and Convert Them to Leads A Three-Step Guide to Achieve Increased Publicity, Web Site Traffic, Improved SEO and More HR Sales Leads Mark Willaman Founder www.hrmarketer.com
HOW TO START YOUR GPS TRACKING BUSINESS A RacoWireless ebook Powering Your Success Table of Contents Why start a GPS Tracking business. 3 Get focused! Pick a niche for your business. 6 Develop your product
UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 FORM 10-K (Mark One) È Annual Report pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 For the fiscal year ended
Banking Understanding banking in Canada Contents. 1: Getting started Opening your first bank account............ 3 Accessing your money.................. 4 Sending money overseas................. 7 Understanding
Five Steps to Plan a Strategic e-newsletter Program Five Steps to Plan a Strategic e-newsletter Program It s safe to say e-mail has become one of the most important business communications tools available
ILM Level 3 Qualifications in Leadership and Management Candidate Handbook 2 Background to ILM The Institute of Leadership & Management (ILM) is Europe s largest independent Leadership and Management Awarding
TRUEBRIDGE CONTENT MARKETING SYSTEM Multi-Channel Lead Generation The 3-Part Process that Drives Cross-Sell Revenue The Truebridge system combines educational content, a customized delivery platform and
Internet Marketing 101: How Small Businesses Can Compete with the Big Guys Small businesses often feel they are at a distinct disadvantage when competing against large enterprises and their massive budgets.
With hundreds of Help Desk software packages available, how do you choose the best one for your company? When conducting an Internet search, how do you wade through the overwhelming results? The answer
TEAM HANDBOOK Academic Year Ending 2015 Enactus Team Handbook Academic Year Ending 2015» 1 en act us A community of student, academic and business leaders committed to using the power of entrepreneurial
Guidelines for smart phones, tablets and other mobile devices Summary Smart phones, tablets and other similar mobile devices are being used increasingly both privately and in organisations. Another emerging
Understanding Big Data with Business Intelligence Tools Analytics Help Leverage Your Massive Amounts of Information Big data is a hot topic in a variety of industries these days. Major retailers know how
March 31, 2014 Attn: Big Data Study Office of Science and Technology Policy Eisenhower Executive Office Building 1650 Pennsylvania Avenue NW Washington, D.C. 20502 Ladies and Gentlemen: Re: Big Data Request