Securing client data through technology,
training, and teamwork
See how Charles Schwab created a cybersecurity savvy workforce to keep client information (and assets) safe.
September 30, 2021
By Jamaal Mobley, Director of Communications
When looking for a financial company to work with there are many factors to consider. But at the end of the day one of the biggest questions people ask is, “Will my money be safe here?”
Doing a search for safe online investing options will generate a list of endless results. So how do people know who to trust? It’s not likely you’ll click on a brokerage website and see the headline, “Safe most of the time!” And if you do, well, yikes.
Charles Schwab knows its clients are trusting the company with more than just money, it’s their financial futures. Which means following strong cybersecurity practices and upholding clients’ trust is non-negotiable.
Schwab’s commitment to safeguarding client data runs deep throughout its technology, business strategy and culture.
As the financial services industry continues its digital acceleration, Schwab is working diligently to make sure all employees, regardless of role, are educated on the latest cybersecurity information.
“We’ve taken a people-centric approach to make sure Schwab’s cybersecurity policies are understood and followed by all Schwab employees, contractors and vendors, because we are all serving our clients,” says Bashar Abouseido, Managing Director and Chief Information Security Officer at Charles Schwab.
“At our core, Schwab’s purpose is to help ensure the financial futures of our clients, and we reinforce to each employee this all starts with protecting the important and sensitive financial data we are entrusted with.”
Bashar Abouseido, Schwab Chief Information Security Officer
Each year Schwab uses Cybersecurity Awareness Month (recognized in October) as an opportunity to reinforce cybersecurity standards with employees.
To help make a subject that is often perceived as dry and boring more fun, the Schwab cybersecurity team worked closely with the awareness team to develop engaging training programs with the strong messaging the entire workforce can understand.
1. Start and end with people.
According to Bashar, Cybersecurity isn’t the job of one team, software or program. Everyone has to work together.
“In order to scale an engaging educational experience for over 32,000 employees, the Schwab team had to get creative—and personal.”
Bashar explained how a training like this can be personalized to employees.
“We’ve spotlighted Schwab policies, standards and security developments through immersive mediums such as gamified training and microlearning bundles. And we let Schwabbies learn at their own pace through a selection of live, on-demand and role-based opportunities. We’ve also launched a robust SecureIT Tour, where we engage smaller segments within Schwab to highlight how they can secure information and technology tailored to individual areas of Schwab’s business.”
2. Demystify a daunting subject.
“Cybersecurity speak” often sounds overly technical, abstract, and full of jargon. If employees are unable to stay focused on the training or grasp the concepts, it can make companies vulnerable to cybercrime.
To combat this, Bashar says the Schwab team ensures the training materials give employees a holistic view of the industry and its most pressing issues.
“For instance, we invite external cybersecurity experts to keynote our ‘Schwymposium,’ a speaker series focused on highlighting the real-life implications of upholding cyber best practices,” shares Bashar. “Our speakers educate employees on how the latest cyber-attacks are evolving, increasing employee context and knowledge. In addition, we teach best practices to all of our employees based on their role and hold them accountable.”
3. Use creative, immersive tactics.
“We know our employees are more engaged when they’re having fun, and although data security is a serious manner, learning its best practices shouldn’t have to be boring,” said Bashar. “So, we provide a hands-on learning experience.”
Highlights from the program include an immersive gamified series where employees engage in friendly competition while sharpening their cybersecurity skills, and an interactive cyber range competition for the application development community to generate tangible engagement while building teamwork.