Shane Harkins, Chief Information Officer of NDBT, said if cybercrime were a country, it would rank as the world’s third-largest economy, trailing the United States and China. With such enormous stakes, vigilance, education and layered protection have never been more important.
At NDBT, those priorities guide everything the bank does to safeguard customers and strengthen internal systems.
“Cybersecurity is a people problem,” Harkins said. “Machines are predictable; they do what they’re told to do. Humans are not so predictable.”
Here are five key things to know about cybersecurity and what NDBT is doing to help.
1. The human factor matters most.
Most data breaches still trace back to human error, even though sophisticated software and systems are essential.
Harkins noted that 65% of data breaches reported by Verizon in 2024 started with people, not machines. That’s why NDBT invests heavily in employee education, vendor training and internal testing to reinforce good habits and awareness.
The bank regularly hosts cybersecurity luncheons for customers, providing insight into current threats and practical safety measures.
“We have to continue to reinforce the behavior we want to see,” Harkins said. “The bad guys only have to get it right once; we have to be right all the time.”
2. Strong passwords and multi-factor authentication work.
One of the simplest ways to protect personal information is through what NDBT calls password hygiene. The bank enforces strict password policies internally and encourages customers to use unique passwords for every site.
NDBT also promotes multi-factor authentication to add another layer of defense.
“Whenever possible, turn [multi-factor authentication] on,” Harkins said. “It works.”
Lastly, Harkins stressed to never join anything that says, “free wifi,” as that could grant access to personal information.
3. Phishing is still a billion-dollar problem.
Despite years of awareness campaigns, phishing remains one of the most common cybercrimes. Harkins noted that phishing alone generated $3.5 billion in losses in 2024. To keep employees sharp, NDBT runs regular phishing tests, using fake emails from HR or IT to mimic real-world tactics.
“We publish the scoreboard to let [our team] know how we’re doing on our click-throughs,” Harkins said. “[When someone clicks, we ask], ‘What was it about that email that caused you to click? What was it that made you believe it was real?’ I’m trying to learn, ‘How did I hook you?’ because if I can do that, then somebody else can do it. [Then I ask], ‘Do I need to change my training?’”
The same principles apply to customer communication.
NDBT never includes full account details in emails and always encourages clients to call the number on their debit card if something seems suspicious.
4. Technology and training go hand in hand.
Cybersecurity isn’t just about preventing attacks; it’s about detecting unusual behavior early.
NDBT uses behavioral analysis to identify anomalies in customer activity. For example, if someone logs in from Texas and, minutes later, from California, the system flags the event as impossible travel.
The bank also uses machine learning to detect fraudulent checks. It analyzes 17-20 unique indicators on every check to test authenticity.
“It’s a constant investment in technology ... to try to make sure we know when it’s [the customer], and we know when it’s not,” Harkins said.
5. New threats are evolving with AI.
The rise of artificial intelligence has brought powerful new tools for AI attacks. Harkins cited a recent case where hackers used AI to identify vulnerable companies, write malware and even calculate ransom demands.
“In 2025, for the first time ever, we had a well-documented AI attack, where they weaponized an AI [system],” Harkins said.
AI can even replicate a loved one’s voice or generate realistic photos to make scam messages feel urgent and convincing.
Harkins said if these messages or phone calls are received, pause and call your loved one yourself.
NDBT’s goal is to stay ahead of these shifts through collaboration, ongoing education and information sharing with other institutions.
“It’s changed into a community of trying to help each other instead of casting stones,” Harkins said.
Staying secure together
From internal employee testing to customer education, NDBT’s approach emphasizes both technology and trust.
“Every person in our organization, from our board to our mailroom, gets this training,” the CIO said. “Even if they don’t use it at work, ... we want them to use it in their personal life.”
To learn more about NDBT’s cybersecurity initiatives or attend an upcoming cybersecurity luncheon, visit ndbt.com/cybersecurity.
The above story was produced by Multi-Platform Journalist Sydney Heller with Community Impact's Storytelling team with information solely provided by the local business as part of their "sponsored content" purchase through our advertising team.
