FAQs on the Customer Security Awareness Program (CSAP) About the program: 1. How does this security awareness program differ from other programs on the market? 2. What does the Customer Security Awareness Program (CSAP) consist of? 3. What resources does the program offer? 4. What are the program s benefits? 5. How can the program help with cross-sales and new product adoption? 6. How long does it take to get started? 7. What is the length of a subscription? 8. Can we scale up during our contract? 9. For the self-service model do you provide training for my employees that will be working with it? 10. What is MySecurityAwareness.com? 11. What is the difference between the full-service and self-service programs? 12. Can I add my institution s branding to the resources? 13. In which formats are the resources offered? 14. How do you find your content? 15. How often are the resources updated? 16. What is an iframe? 17. Do you offer help with social media? 18. Do you offer a training program for bank employees? 19. How does the program track compliance efforts? 20. How does the program help me meet compliance obligations? 1. How does this program differ from other programs on the market? InfoSight s Customer Security Awareness Program is the most complete in the market place today. It is the only single-source solution available today. Other programs only offer certain pieces of the security awareness puzzle like articles, posters or flyers and sometimes training courses mostly directed at IT employees and not your clients. InfoSight s Customer Security Awareness Program offers a comprehensive library of resources including articles to post on your website, games, videos, presentations, posters, emails, surveys and more. Additionally, our online training portal contains information security awareness training courses aimed at your higher-risk commercial customers. The portal allows you to track and report on commercial customer s progress, and includes your branding to make it yours. In 2012, InfoSight s Customer Security Awareness Program (CSAP) was recognized with an Innovative Solutions Awards by Bank News Media. 2. What does the Customer Security Awareness Program (CSAP) consist of? InfoSight s CSAP helps reduce the impact of today s cyber threats by equipping your customers with the knowledge needed to keep data and systems secure.
InfoSight s CSAP provides customer-ready content explaining the dangers of internet transactions, phishing, malware, ACH, wire fraud, cybercrime, social engineering tactics, and more. Financial institutions are able to use the content in a variety of ways including adding the content to their website, email newsletters, statement stuffers, placing posters in branches, etc. Also included are special events for customers such as live webinars and in-branch security workshops. 3. What resources does the program offer? The program comes complete with a variety of ready-made and versatile toolkits so you are able to quickly implement an effective and compelling customer security awareness program: Dynamic website content Static website content Security Awareness Onsite Workshops Security Awareness Webinars Newsletters Quick Clip Videos Email campaign content Branch Collaterals and Posters Statement stuffers Surveys On-hold messaging Tools for your customers Optional online training portal (LMS) for your high-risk customers 4. What are the program s benefits? Demonstrate to Regulators and Clients that you are meeting security awareness initiatives which are now mandatory. Create cross-sales and new-sales opportunities by conducting security workshops. Onboarding of new prospective relationships with larger commercial clients by selectively inviting prospects. Reduce liability and risk of litigation by offering free security education to your commercial client base. Instill confidence in your customers that doing business with your financial institution electronically is safe. Drive new product adoption such as mobile and/or Cash Management Services. Integrate with existing Social Media initiatives and/or assist in future efforts. Integrate with required employee security awareness training initiatives. Create new recurring revenue by selling products such as Cyber-Liability Insurance. 5. How can the program help with cross-sales and new product adoption? By conducting onsite security awareness workshops, business development bankers and lenders get an opportunity to network in a friendly setting with commercial clients to offer them a variety of services all in the name of compliance. Additionally, Newsletters, statement stuffers and other collaterals have areas where spotlighted products and services can be highlighted.
6. How long does it take to get started? Because the materials are immediately accessible and customer-ready, you can have your program up and running literally within a week, or as soon as you re ready to launch it. 7. What is the length of a subscription? The subscription is based on a three-year agreement. 8. Can we scale up during our contract? Our program is flexible, so if you should find you need more content, simply contact us to get access to additional materials. 9. For the self-service model, do you provide training for my employees that will be working with it? Even though the self-service portal is user-friendly and intuitive, we ensure you know how to use it by walking you through the portal during a training session. And, we re always available to answer questions should you need additional assistance. 10. What is MySecurityAwareness.com? MySecurityAwareness.com is an online portal which provides fresh and dynamic security awareness content to financial institutions and their customers. The website offers an ever-growing and regularly-updated array of articles, videos, games, and downloadable security tools with separate sections for your commercial and retail customers. Subscribers are able to link to MySecurityAwareness.com or they can embed it within their website so their customers never have to leave their site. The articles, videos, games, and tools available on MySecurityAwareness.com are useful in mitigating the dangers of internet transactions, phishing, malware, ACH, wire fraud, hacking for profit, social engineering tactics, and more; by educating users on how to avoid becoming a victim. 11. What is the difference between the full-service and self-service programs? With our self-service program you will enjoy significant cost savings. You have access to ready-to-go resources allowing you to administer the program any way or any time you like. If you don t have the time or resources to administer the program yourself, our full-service program provides you with a single point of contact who will implement it for you. We ll work under your direction to tailor, customize, and personalize the materials for your brand, and ensure your program is administered satisfactorily throughout the year. A self-service subscription is always included at no additional cost with any full-service program. 12. Can I add my institution s branding to the resources? Yes, all resources will include your institution s branding. Simply add your logo, color scheme and contact information to the materials. We ve even left room in the newsletters for you to promote your institution s products and services or special events. 13. In which formats are the resources offered? The resources are offered in a variety of media formats, depending on its intended usage. For example, information security articles are available in MS Word, newsletters are created in MS
Word and Adobe In-Design, posters are print-quality.pdf documents, workshops and webinars are developed in MS PowerPoint, and so forth. 14. How do you find your content? The majority of our content is created in house. In some cases, we link to outside content when it is readily available elsewhere and we credit the author. And, because there are so many free software tools available on the Internet (like free Anti-virus), we provide links to the tools we ve found to be useful and trustworthy. 15. How often are the resources updated? To remain current with the prevailing cyber threats, social engineering tactics and software tools, we update the program materials as needed. This practice allows us to deliver timely and leadingedge content for our customers. 16. What is an iframe? An iframe is an HTML document embedded inside another HTML document on a website and is used to insert content from one source into another Web page. We offer the option of embedding our website into yours so that your customers never have to leave your site to view our information security awareness content. 17. Do you offer help with social media? Yes, through our social media consulting service we will guide you through the maze of tools and strategies to help you build a strong, effective social community that delivers long-term value. We will develop a forward-looking plan of innovative usages for social media with a focus on areas of importance to you such as commercial lending, retail banking, consumer lending, wealth management/trust and financial services. Rest assured your social media plan will conform to regulatory requirements and security best practices. 18. Do you offer a training program for bank employees? Yes, we do! InfoSight s information security awareness training portal provides online, on-demand training, with the ability to track and report on each student s progress. The portal can be used for more than just training purposes: it can also double as your institution s intranet and documentsharing solution. Let us show you how it works by scheduling a quick demo. 19. How does the program track compliance efforts? If you opt to subscribe to InfoSight s online training courses to educate your high-risk customers, all the interactions between your customer and the portal are tracked and recorded so you can download a detailed report for all or just one of your customers. 20. How does the program help me meet compliance obligations? In January 2012, the FFIEC required financial institutions to provide information security awareness education for their consumer and commercial customers. InfoSight s Customer Security Awareness Program (CSAP) delivers an effective and quality program to educate your customers about phishing, malware, ACH and wire fraud, and more. The following table provides a side-by-side comparison between guidance requirements and our robust solution.
GUIDANCE REQUIREMENTS Implement a Customer Awareness Program & evaluate its effectiveness Track the number of Statement Stuffers or other direct mail communications Track the number of customers who report fraudulent attempts to obtain their authentication credentials Track the dollar amount of losses relating to identity theft, etc. Track the number of clicks on information security links on websites. Inform customers under what circumstances the institution may contact them on an unsolicited basis and request their banking credentials. Advise that commercial account holders perform risk assessments on their own environments. Make a list available of resources that customers can use to find alternative risk control methods to mitigate their own risk. INFOSIGHT S SOLUTIONS Can provide source content for Client Security Awareness Program to include: Workshops, Webinars, Newsletters, Social Media Campaigns, Print Collaterals and more. Can provide Client Information Security content for Statement Stuffers, Mailers, and more. Can provide online tracking of customers reporting attempts to obtain their credentials, if requested. Can provide an Annual Progress Report will evaluate your program s effectiveness, if applicable. Can track customers who download tools and/or click on security information and education links on website; analytics and/or landing page required. Can provide access to industry experts for ongoing advice, and to assist with Corporate Communications Can provide security and risk control tools for Commercial Clients. Can assist with the development of your institution s Information Security Web-page targeted at your commercial clients.