Bank security: The challenge of hybrid working
- Posted on June 2, 2021
- Estimated reading time 4 minutes
At the start of the pandemic, every bank rushed to move their staff into working from home. For some, it was the first time they’d ever done so. It was a major cultural shift – and a major security issue, too. Banks had strict controls on internet access in the office, for example, but the use of new technologies and less experienced remote working is a recipe for increased ransomware and breaches.
The rise of cyber-attacks at home
Cyber-criminals have been targeting employees working from home for the last year, using phishing attacks (for example) that exploit pandemic uncertainty to entice users to open fraudulent attachments or grant attackers access to networks. Research by BIS has shown that there is a strong link between the prevalence of working from home and the incidence of cyberattacks. They found that the financial sector ranks high on both accounts. Home offices are nowhere near as protected as head office with secure firewalls, routers, and access management run by its security teams.
There are network access challenges with VPN profiles, which often have weak access control. Identity access may be via single sign-on rather than multi-factor authentication. There may be gaps in remote working infrastructure, which leads to weak points through which hackers can access systems. If systems aren’t configured properly then any protection in place will simply not be effective. However, banks are using desktop monitoring software to analyze staff behaviour at home and some have improved their core transaction systems to spot unusual patterns.
In a household, multiple family members could be logging on to the same network, which could expose devices to malware that could then enter a firm’s systems. Using your child’s laptop to send emails may not be the most secure method available. Regulatory rules require that traders’ calls are recorded and monitored, but traders have been working from home and calls may go unrecorded. Also, while expanding the number of self-service options available to customers online – for wealth management trades, mortgage, loan applications - having robust security controls becomes even more essential.
Return to work?
One US survey found that 70% of financial services employers believe employees should be at their desks at least three days per week to maintain a distinctive culture. However, only 20% of employees in the survey wanted to return to the office for three or more days per week, showing a mismatch in expectations that will be a major management challenge for banks.
There’s been an interesting divergence in response from the major banks. Goldman Sachs CEO, David Solomon, rejected the idea that home working would be the ‘new normal,’ arguing that having staff at their office desks was an important part of its culture. JP Morgan announced that 10% of the US investment bank’s 255,000 employees may work from home full-time. HSBC’s UK call centre staff – 1,200 workers - are in discussions with the bank about making a permanent switch to remote working.
It’s time to increase remote working security
Clearly, we’re scratching the surface here. That’s why we developed a cybersecurity FAQ guide to support remote working, covering employee security, access and applications, secure collaboration and information security. For one major bank, with over 200,000 staff, we helped set up 90% of their people as home workers within six weeks, using a fully cloud-based solution with no extra hardware or infrastructure requirements.
Remote working for banks is not going to disappear. It will form part of a new way of hybrid working, including home and office activity, as the pressure of the pandemic reduces. However, banks will need to ensure that remote working is much more secure now than it was at the start of the pandemic.