By Steven Ward , CIO Manager, CSI
As a result of the COVID-19 pandemic, there has been a marked shift in how we work and use technology to stay connected and execute business. Many institutions are managing remote workforces while navigating the pandemic’s ongoing effects, leading to various challenges, including addressing cybersecurity threats.
Understanding the Risks
There is a variety of cybersecurity risks for financial institutions to combat, including:
- Phishing: As many employees transitioned to remote work in early 2020, phishing scams skyrocketed with attackers targeting personal email accounts in an attempt to compromise home networks.
- Malware: Cyber attackers are leveraging malware to obtain usernames, passwords and payment card information stored in a user’s browser. According to security vendor Carbon Black, attacks targeting the financial sector have increased by 238% from February to April 2020.
- IT Falling Behind: A recent Aite report noted that IT departments are often short-handed and are now responding to remote work environments’ challenges, leading to increased maintenance backlogs and slow response times.
- Business Email Compromise (BEC): The FBI issued a warning in early 2020 regarding a spike in BEC scams, which involve a criminal sending an email and imitating the owner’s identity, such as a company executive or recognized vendor.
How to Enhance Security for Your Remote Workforce
To defend against the ever-present threat of cyberattacks, consider the following tips to secure your institution’s workforce.
1. Provide Secure Internet Access
While providing employees with virtual private network (VPN) access will help mitigate cyber threats, there are risks associated with employees using their home networks for business when not connected to VPN. Security solutions that protect your network and users, but do not interfere with business activities are priorities. Encourage employees to address the following questions to reduce the penetrability of home networks:
- What is the quality of your home network
- Does your home network still have the default password?
- How old is the router?
- What protocols is it running?
- Do your personal devices have up-to-date malware and virus protection, the latest security patches and updated third-party software installed?
2. Create an Acceptable Use Policy
In this new hybrid reality, employees may be more likely to use corporate-owned devices for personal business. Create and communicate a clear Acceptable Use Policy and outline your specific policies for business devices. Your institution’s Acceptable Use Policy should also explicitly address work-from-home environments to educate employees on expectations and risks of remote work.
3. Use Mobile Device Management
If your institution issues business-owned devices to employees or if employees use personal devices for business, consider implementing mobile device management and encryption to safeguard all devices with access to your institution’s data. This technology will also allow your IT support staff to fix issues remotely or install updates.
4. Implement Web Content Filtering
Web content filtering can extend beyond a VPN connection, offering additional layers of security. By providing web content filtering capabilities, your institution can protect off-network devices while preventing employees from accessing malicious or inappropriate sites and mitigating threats like malware.
5. Enable Multifactor Authentication (MFA)
Multifactor authentication is one of the best ways to protect your workforce from the two largest threat vectors: social engineering and phishing. Through MFA, multiple credentials are required to verify a user’s identity. According to Microsoft, MFA can help prevent over 99% of account compromise attacks since a fraudster cannot gain account access solely by obtaining or cracking a password.
6. Strategically Invest in Technology
The number of available technology solutions designed to support your institution can be overwhelming, but remember that you should not invest in technology that does not align with a business objective or support revenue generation. As you consider technology options, think holistically about your institution’s IT strategy, goals and environment.
7. Develop Well-Documented Processes
Revisit key processes and determine how to integrate them in the new reality of remote work and if current technology accommodates existing processes or requires updates to enhance security. Auditing processes for efficiency will also benefit your institution as you determine whether processes are scalable, have the appropriate number of steps and if they will meet your needs in the future.
8. Promote a Security-Minded Culture
As employees work remotely, your institution should prioritize employee cybersecurity education to create and maintain a security-minded culture. By creating a culture focused on security, you can educate employees on proper online conduct and reinforce the importance of asking for assistance after engaging in potentially risky behavior.
Future of Remote Workforces
The way we work has been transformed as a result of COVID-19. As the financial services industry’s landscape continues adapting, your institution should prioritize security to serve your customers better.
Check out our remote workforce security infographic to learn more about how CSI can help you manage your remote workforce.
Steven Ward has over 29 years’ experience in technology with 14 years in community banking technology and currently serves as CSI’s vCIO manager.
This story appears in Issue 3 2020 of the NM Bankers Digest Magazine.