Operations

What You Don’t Know Really Can Hurt You

Social engineers wait for naïve, untrained staff to fall into their traps.

September 12, 2011
/ PRINT / ShareShare / Text Size +

I was 16 years old when I realized the old cliché, “what you don’t know can’t hurt you” was utterly and unequivocally false.

That’s when a police officer pulled me over for speeding on a new stretch of interstate. While the officer wrote out the ticket, I performed a mental calculation; based on the standard fine of $10 for every mile over the limit, I estimated the fine to be $120.

Pretty steep for my shallow pockets, but he did bust me fair and square.

After the officer handed me the carbon copy of the ticket, I was stunned to read the fine would be $360—triple that of my calculation. Confident the officer made a grievous mathematical mistake I disputed his calculations and demanded an explanation.

He calmly informed me of a new law that tripled fines for violations within construction areas. Despite being surrounded by orange barrels and concrete partitions, I protested earnestly that I had no way of knowing about the law and shouldn’t be held accountable.

Suppressing a snicker at my lame argument, the officer slowly leaned forward to meet me at eye level. In a clearly rehearsed manner, he offered this gem of advice: “Son, ignorance is no excuse.”

Had I been aware of the law and the relevant consequences, I likely would have been more aware of my surroundings, kept my speed in check, and moved through the Subscribe to Credit Union Magazineconstruction zone without incident. So, what I didn’t know really did hurt me.

Without proper security awareness training, most front-line employees at credit unions will be just like my 16-year-old persona: ignorant of the rules, unaware of their surroundings, and oblivious to the consequences.

It’s impractical, imprudent, and quite dangerous to assume regular employees will be able to identify and respond to fraudulent activities without first being educated on how to recognize social engineering techniques.

Fortunately, financial institutions can mitigate their risk exposure from fraud and social engineering in much the same way I mitigated the cost of my speeding ticket: training.

Attending an eight-hour defensive driving class allowed me to get a reduced fine, a less-severe impact to my insurance, and several life lessons that remain ingrained in my memory.

But financial institutions don’t get off as easy. Several years of evidence and comprehensive research around data breach trends prove that financial institutions have too much at stake to wait for an incident to occur before addressing security awareness training.

Next: Two alarming findings

Post a comment to this story

heroes

What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory (www.appreciationatwork.com/assess) will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive