Top cybersecurity challenges facing commercial banking and why they don’t stand a chance against you

If you follow the news, you know that the U.S.’s four largest banks haven’t been getting the best press lately. From questionable sales practices to high-profile breaches that have exposed the data of millions, mega-banks seem to be in a race to lose consumer trust. That’s where you come in. Smaller organizations enjoy closer relationships with customers, a keener sense of lending risk in the markets they serve, and a more manageable IT footprint. All of these, it turns out, are advantages in today’s IT security landscape. Check out 5 major challenges facing commercial banking today, and how they relate to you:

User demands keep you up at night.

Consumers want a smoother user experience and better security, and employees just want to do their jobs without having to cultivate an encyclopedic memory of 16-character passwords. Authentication has to accomplish both of these goals. When refining your cybersecurity strategy, being a little smaller can make a big difference. Smaller organizations are usually more in tune with customers and responsive to employee needs, and communication is clearer between leadership and staff, and between departments. Mega-banks are notoriously siloed and stratified. Not you.

Knowing customers better and having open lines of communication between IT and everyone else can be a huge boon when establishing new cybersecurity policies or choosing a new layer of authentication to add to your mix. When your organization is a close-knit group of people rowing in the same direction, there’s no need to pay a consulting firm millions of dollars to find out what authentication will work best for your users.

You have the regulatory blues.

Regulatory strain adds another layer of complexity to managing IT, and the burden of compliance can weigh more heavily on smaller organizations without a massive regulatory bureaucracy. What’s more, compliance standards are usually far outpaced by increasingly sophisticated methods of cyberattack. While there’s overlap between compliance and security, one does not guarantee the other.

Interestingly, it’s difficult enough to pass muster during a Credit Union IT audit that compliance does actually align with cybersecurity best practices. To stand up to the NCUA’s exhaustive cybersecurity assessment, password hygiene is key. Multiple authentication methods are a must-have, and password policies should be draconian—including different credentials for every system and application. Complex password policies create a substantial user burden, but the right authentication solution can lift that burden and provide completely secure passwords without the need for sticky notes (a huge cybersecurity hazard) or daily calls to you for a reset.

The threat landscape won’t stand still.

Just when you think you have a handle on the cyberthreat du jour, another will crop up. That’s the nature of the beast, and a big part of why breaches succeed. Larger organizations may harden their security posture against known threats by investing big money into a solution built on buzzy new tech, only to find out that their solution doesn’t address an emerging threat a year later. Rigid solutions aren’t the right fit for today’s cybersecurity climate, and they can be costly in more ways than one.

Imagine that you’re steering one of the largest cruise ships in the world and a new island suddenly appears a few hundred feet in front of you in what were once clear waters. If you’re moving fast, not running aground on terra firma is going to be a challenge. But if you’re in a smaller craft that’s easy to steer, no sweat. Seafaring metaphors aside, if you find a solution that can grow and change with you, and you aspire to flexibility, rather than rigidity, emerging threats don’t have to be a cause for panic.

The weakest link may sit at a desk five feet away.

For black hats, insiders are soft targets. Error-prone, careless, or even actively malicious employees have been the reason for many a breach. No amount of well-meant IT emails or security primers can fully protect you from insider threat, but two things can give you a fighting chance:

1. Implementing “human-proof” authentication

Because fingerprint biometrics and behavioral biometrics authenticate through unique user characteristics and make compliance by the user mandatory, they’re a powerful tool in heading off breaches due to spear phishing attacks. An alphanumeric password can be phished from a spoofed email, but fingerprints and unique typing cadence can’t.

2. Fostering a sense of personal responsibility for cybersecurity

A focus on employee satisfaction and investment in the organization is a powerful form of risk management, which means the tendency of credit unions, regional banks, and community banks to be more cohesive in culture is a real advantage over the bigger guys. Open communication and face-to-face time between members of your department and everyone else can’t hurt, either.

Careful! The cutting edge is sharp.

New technology is great—until it isn’t. IT departments are usually the ones stuck doing damage control as mismatched systems and devices try (and fail) to play nicely with one another. We’ve all heard horror stories of new installs completely crashing essential services, like the April 2018 crash at TSB, a bank based in the UK, that locked its customers out of their online accounts for two weeks following an IT upgrade.

Focus on finding solutions offering backward- and forward-compatibility, integration into your existing infrastructure, and a proven track record of success in organizations just like yours. And here’s a little silver lining: solutions acquired by smaller organizations typically cost less and are easier to implement than the exact same solutions in larger organizations. When there are fewer moving parts and less geographic distribution to worry about, taking a chance on something new doesn’t have to be scary—if you do your homework.

This content has been brought to you by Crossmatch®. Crossmatch is a leading provider of hardware and software solutions, including DigitalPersona® Composite Authentication, that solve the identity management challenges of hundreds of millions of users around the world. To learn more, visit
