Like most organizations, Crédit Agricole Consumer Finance, the consumer credit division of the Crédit Agricole group, faced a dramatic rise in cybercrime threats during the COVID-19 crisis.
Phishing attacks targeting Crédit Agricole Consumer Finance increased six to eight times during the March 2020 lockdown.
Crédit Agricole Consumer Finance and its information systems security teams knew they would need to respond by increasing employee awareness of new cyber-risks.
"Because cybercriminals know how to use social engineering to achieve their goals, the first line of defense is not technology, but people."
— SANDY DUSSOTTIER, Group Chief Information Security Officer – Crédit Agricole Leasing & Factoring
When tech meets human ingenuity
Faced with evolving cyber threats, Crédit Agricole Consumer Finance, in cooperation with Crédit Agricole Leasing & Factoring, decided to strengthen its cybersecurity policy and reduce human risk. To create a culture of cybersecurity and to support its employees, the company runs security awareness events.
Crédit Agricole Consumer Finance called on Accenture to help it organize its first “cyber days”. Accenture contributed its experience in conducting cybersecurity projects, its knowledge of the cyber-threat landscape, thanks to its Cyber-Threat Intelligence network, and the ability of its teams to design tailor-made training. In cooperation with their partners, the Crédit Agricole Consumer Finance teams defined six major themes for the workshops: data confidentiality, workstation protection, password security, telework, hacking techniques and phishing techniques. Accenture led the digital and face-to-face workshops.
"We must persist to reinforce the daily vigilance of everyone in the company."
The first edition of the "cyber days" was a success. More than 340 Crédit Agricole Consumer Finance and Crédit Agricole Leasing & Factoring employees took part in the workshops in the first two days.
On average, each participant attended four workshops. The ability of the speakers, including experts from Accenture, to make complex, technical information more accessible has helped to increase awareness about cybersecurity.
The cyber days demonstrated that cybersecurity is not just about technology and that it is not the sole responsibility of IT teams, but that it is an integral part of the company's culture.
The Crédit Agricole Consumer Finance teams have launched other communication tools (newsletter, web series, podcast) to anchor the messages shared during the cyber days and make each employee a cybersecurity champion.
Crédit Agricole Consumer Finance has produced a new edition of the cyber days. The aim is to multiply the communication media to reach a wider audience and make each Crédit Agricole Consumer Finance employee an actor and a defense vector in cybersecurity.