Bendigo and Adelaide Bank is in the process of revamping the training it provides new and existing staff around "core security concepts".
In its first ever sustainability report [pdf], the bank said that all employees received "mandatory online training" under its cyber security strategy, both "when they start and throughout their employment."
The online module it uses in this training "covers topics such as the nature, value and classification of information; data risk management; relevant security and acceptable use policies; email and social media management; and tips for working safely."
"Reflecting the rapid pace of change in the sector and new modes of learning delivery, the training module is being fully revamped for FY22," the bank said.
The training is one part of an "holistic approach" that the bank said it had adopted to "build a security aware workforce".
"We run a range of information security communication and education initiatives across the organisation aimed at developing skills and enabling positive security behaviours," it said.
Like other organisations of its size, it runs regular "automated phishing drills" against its user base in the hope that it will help them get better at recognising "tell-tale signs" and report them internally.
“Tailored educational messages are then sent to anyone who has been ‘caught’ by the [test] phish, giving them advice on what signs to look for next time," the bank said.
In the report, the bank sad that another “side of its holistic approach to cyber security is ... investment in technology."
The bank has previously revealed an increase in its technology spend by between $10 million and $20 million to focus on simplification and modernisation.
However, its commentary in the report is specifically around cyber security-related initiatives, which include the implementation of "new identity technology as part of [its] broader digital transformation”.
This appears to be aimed more at the customers of its banking services than at employees.
“Using our new identity solution, along with secure digital engagement systems, we will leverage modern authentication techniques and experiences to bring a best of breed, yet familiar and trusted experience," the bank said.
“It will take advantage of the security and biometric features of mobile devices to provide a highly secure, yet easy to use banking experience.
“We are [also] lifting all our customer base up to stronger levels of trust with smarter and easier to use multi-factor authentication, to ensure they can trust their engagement with us, and to ensure we trust we are engaged with the right customer.”
It’s expected this method will create “a positive impact” by reducing the chances of fraud or ID theft against the bank’s customers.
The report added that the bank's use of cloud services on the backend also brought security and resiliency improvements.
“In addition to their suite of cloud services, working with partners allows us to benefit from the work the partner has done in mitigating their environmental impact. “
The bank has previously outlined plans to re-platform its internet banking and put more workloads into public cloud.
Late last year the bank pushed 30 non-critical workloads to Amazon Web Services over the course of a month.
