J.P. Morgan did not comment on the phishing test, but a memo issued following the hack prohibits employees to use work email addresses for personal use, including registering for social media accounts or shopping sites.
J.P. Morgan expects to spend around $500 million in 2016 on cyber security, twice the amount spent in 2014.
Brian Moynihan, chief executive at Bank of America Corp., said the company’s cybersecurity budget is essentially unlimited, and the focus is increasingly on the employees. The bank discourages employees from using out-of-office voicemail and email features since they can alert criminals to unattended computers, a person familiar with the company said.
Wells Fargo & Co. spends an “ocean” of money on cybersecurity, according to CEO John Stumpf in a recent interview. A spokesperson declined to give an actual budget number.
Tracking Employee Behavior Gets Tricky
Banks are finding it hard to decide how far to go to track employee behavior on social media websites where information might get posted that hackers could use to determine the best target in an organization. The situation becomes more difficult for banks if it involves postings that are personal in nature like vacation pictures that can give criminals an opportunity to break into the person’s home and nab their laptop, according to cyber experts.