Financial Services · Cybersecurity Training

Cybersecurity training built for community banks, credit unions, and fintechs

Every FFIEC examination. Every wire fraud scenario. Every FinCEN advisory. In a live 60–120 minute session with an expert who knows financial services — not a generic IT trainer.

Personal — $150 → Business — $900 flat →
$2.9B+ Annual wire fraud losses (FBI IC3 2024)
3,800+ Financial sector ransomware incidents in 2024 (CISA)
$5.9M Avg. cost of financial services breach (IBM 2024)
⚠️ The financial sector is under active attack. ICBC paid $7M+ in 2023 Nov ransomware. Evolve Bank breach exposed Affirm, Wise, and Mercury customer data. Flagstar Bank leaked 1.5M records. FFIEC updated 2024 guidance. FinCEN issued ransomware advisory. See FFIEC-aligned training →
Why financial services training is different

You are not a tech company. Your threat model is fundamentally different.

A fintech startup has a different security problem than a community bank. The bank operates under FFIEC examination, GLBA Safeguards Rule, state banking department oversight, and FinCEN SAR reporting requirements. The threats it faces — wire fraud, ACH redirect, ACH batch spoofing, customer account takeover, vendor-managed network access — are structurally different from the threats that dominate other verticals.

Generic cybersecurity training doesn't address any of this. SecurEveryone's financial services program is built on the FFIEC IT Handbook, NCUA Examiner guidance, and FinCEN advisories — and uses real incidents (ICBC, Evolve, Flagstar, First American Title) as the core case studies.

Live training scenarios

Three drills. Every session built around your institution's actual risk surface.

Drill 1 · Treasury & Ops
Wire Fraud & BEC Defense for Wire Transfer Staff

Walk treasury and operations staff through the exact attack sequence that led to $2.9B in annual wire fraud losses. Covers spoofed executive email, ACH redirect during transaction processing, callback verification failures, and the FinCEN SAR decision tree if a wire goes wrong. Uses real incident patterns from BEC prosecutions.

Roles: Treasury, Operations, CFO, Controller
Format: Live scenario walkthrough, 90 min
Compliance: FinCEN Ransomware Advisory, FFIEC BCP
Drill 2 · Executive & IT
Ransomware Tabletop for Executives & IT

Walk leadership through a real ransomware incident scenario — from initial detection through FBI IC3 notification, FinCEN SAR filing, board communication, and recovery. Based on the ICBC incident and FinCEN's 2024 ransomware advisory for financial institutions. Addresses the specific decision points that community bank and credit union leadership actually faces during an active incident.

Roles: CISO, CEO, CFO, IT Director, Board
Format: Live tabletop, 120 min
Compliance: FFIEC Incident Response, FinCEN SAR
Drill 3 · Member Services & Retail Bankers
Phishing Recognition for Front-Line Staff

Train branch and member services staff to recognize the phishing and vishing attacks that target financial services customers — and the social engineering that targets the staff themselves. Covers credential-harvesting emails impersonating core banking vendors (Fiserv, Finxact, Jack Henry), text-based vishing, and impersonation of internal IT support. Includes live demonstration of real financial services phishing templates.

Roles: Tellers, Member Services, Branch Manager, Teller Supervisor
Format: Live demo + scenario drill, 60–90 min
Compliance: GLBA §314, FFIEC Security Awareness
Regulatory alignment

Built for your examiners — not just your security team.

Which compliance frameworks does this training address?

FFIEC 2024 Updated FFIEC IT Handbook guidance on cybersecurity, incident response, and vendor management — directly addressed in the ransomware tabletop and vendor risk drill.
GLBA Gramm-Leach-Bliley Act Safeguards Rule. Documented security awareness training for all employees who access customer financial data — required annually, verified at examination.
FFIEC CAT Cybersecurity Assessment Tool. Our training maps to the Identify, Protect, Detect, Respond, Recover domains. Completion records satisfy the "security awareness" maturity indicator.
NYDFS Part 500 New York Department of Financial Services cybersecurity regulation (effective for smaller entities Nov 2023). 72-hour notification, covered entity definitions, and annual certification — addressed in the ransomware tabletop.
SOC 2 For fintech companies and B2B financial services firms in the supply chain. Our SOC 2 readiness program →
FinCEN SAR FinCEN 2024 ransomware advisory. Ransomware payments can trigger SAR filing. Our incident response drill walks through the exact decision tree and notification timeline.
Pricing

One flat rate. Unlimited users. No per-seat billing.

Personal
$150
One-on-one session for an individual — risk assessment + threat walkthrough + Q&A, built around your specific institution size and charter.
  • 60-minute live Zoom / Meet / Teams
  • Role-specific threat scenarios
  • Industry-relevant compliance map
  • 24/7 emergency session (+$100)
Book Personal — $150 →
Executive
$390
For executives, C-suite, and senior leadership — covers board-level reporting, FFIEC examination prep, incident response planning, and vendor risk.
  • 90-minute executive briefing
  • FFIEC CAT risk assessment walkthrough
  • Board presentation framework
  • Incident response plan template
  • Priority emergency support (+$100)
Book Executive — $390 →
Business · Unlimited Users
$900
Train your entire institution — all branches, all roles, one flat rate. Covers treasury, member services, IT, and executives in separate targeted segments.
  • 2-hour comprehensive team session
  • Unlimited participants — flat rate
  • Role-specific drill segments
  • Compliance documentation package
  • Post-session exam evidence record
Book Business — $900 flat →
Common questions

Questions from financial services teams.

Is this training eligible for CE or CPE credits for banking certifications?

Yes. SecurEveryone provides a signed training completion certificate that most state banking associations, credit union leagues, and compliance organizations accept for continuing education credit. Check with your regulator — but our sessions are routinely approved for CRCM, CAMS, and AIB credits. We also provide a written training record suitable for FFIEC examination documentation.

Can we train front-line tellers and member services staff separately from the executive team?

Absolutely. The Business tier ($900 flat for unlimited users) allows you to run multiple sessions across different role groups — treasury and ops, member services, IT, and executives — all under one flat rate. We tailor the scenarios to each audience. Wire fraud recognition training for the teller line looks different from ransomware tabletop for the CISO.

How do you handle examiner documentation for FFIEC or state regulatory exams?

Every SecurEveryone session includes a written completion record with: session date, attendees (de-identified count), curriculum covered, threat scenarios addressed, and a signed attestation from the instructor. This documentation satisfies the FFIEC IT Handbook's requirement for documented security awareness training. We can also provide a formal Risk Assessment summary aligned to the FFIEC CAT that your examiner will recognize.

Do you work with fintech companies that aren't FDIC-insured?

Yes. We train a significant number of fintech companies, payment processors, embedded finance providers, and B2B financial services companies that fall outside traditional bank regulation. Our training covers the same threat patterns — wire fraud, account takeover, vendor risk — regardless of charter status. Fintechs that handle consumer funds or work with banking-as-a-service partners face the same BEC and phishing risks as community banks.

What's your approach to training credit unions vs. community banks?

Credit unions and community banks face virtually identical threat landscapes, but the compliance framework differs. Credit unions navigate NCUA regulations; community banks navigate OCC, FDIC, and state regulator frameworks. Our training maps to both. We also address the specific risks that credit unions face — member-facing vishing and phishing, shared branching vulnerability, and CUSO third-party risk — alongside the wire fraud and ransomware threats that affect all depository institutions.

Does the FinCEN ransomware advisory affect our training requirements?

FinCEN's 2024 ransomware advisory requires financial institutions to identify, report, and mitigate ransomware exposure, including maintaining BSA/AML compliance during ransomware events. FinCEN has flagged that ransomware payments can trigger SAR filing obligations. Our ransomware tabletop training specifically walks leadership through the FinCEN advisory requirements — including the ransomware payment decision tree, who to contact, and how to document the incident in a way that satisfies both the FBI IC3 report and the SAR filing obligation.

How often should financial services staff receive cybersecurity training?

FFIEC guidance calls for annual security awareness training at minimum. But in 2024, with wire fraud losses exceeding $2.9B annually (FBI IC3), annual training is insufficient for high-risk roles like treasury, wire operations, and member services. We recommend quarterly refreshers for wire-transfer-authorized staff, semi-annual for general staff, and tabletop exercises annually for the incident response team. Our Business tier at $900 flat makes quarterly training feasible even for smaller institutions.

Ready to train your institution?

Book a session directly below. Every session is live, expert-led, and built for your specific institution type — community bank, credit union, or fintech.

Personal — $150 → Executive — $390 → Business — $900 flat →
SecurEveryone · FFIEC-aligned training · GLBA / NYDFS Part 500 / FinCEN · $900 flat · Unlimited users