Security: how banks can balance risk and productivity with remote workers
- Posted on May 7, 2020
Banks take security very seriously. Maintaining the trust of their customers is paramount. Consequently, they have often imposed what could be seen as very draconian measures in the always-on, connected world most of us are familiar with. For example, many banks still restrict access to social media, and even the internet, for most of their users. Additionally, for many years, banks have resisted the move towards remote working, especially when it comes to front line staff (such as call center agents), due to the perceived risk. While effective, this approach has limited their ability to consistently provide remote working at this time of crisis, especially for front line workers.
The COVID-19 pandemic has challenged this approach. Almost overnight, banks have had to deliver collaborative, remote and flexible environments in order to continue to support colleagues and customers. Branches and call centers have seen staff numbers reduced through illness and social distancing. Corporate offices have closed. Offshore delivery teams are now working remotely. The need and ability to move capability outside the traditional working environment is essential. However, delivering this requires a more flexible approach to security. Now, more than ever, there is a balance to strike between risk and delivering a good customer and employee experience. This is something our CISO, Bob Bruns, talked about in a recent article: “Ice or square tires: Balancing security and productivity”.
Banks that get this balance right will not only increase employee engagement, but also impact customer satisfaction. It will put those organizations in a strong position at the end of this crisis. To help get this balance right, here are some suggestions based on our experience:
- Ongoing awareness. Rather than occasional one-hour security training, Bob Bruns suggests moving to an ongoing awareness campaign that keeps security top of mind and uses bite-sized, entertaining videos to remind employees that security is everyone’s business. Continue to test your staff. For example, get your security team to send out ‘false’ emails to check staff awareness.
- Utilize flexible security. Multi-factor authentication, VPNs and Azure Active Directory all provide security protection options that can be flexed according to risk, based on data, device, user, location and other factors. Microsoft has shared useful guidance for CISOs, such as: turn on MFA for 100% of your staff, 100% of the time, and distribute smartphone apps like Microsoft Authenticator; avoid free or consumer VPNs as a temporary option, despite increased demand on remote access; and integrate applications into Azure AD to benefit from single sign-on and identity-driven security. Additional advanced threat protection services, such as those within Office 365, extend protection to detect malicious links within email and zero-day email-based attacks.
- Understand your audience. We’ve identified a range of remote workplace groups, including sensitive information workers, remote collaborators, BYOD workers and self-isolators. Each group requires a different approach based on the applications and types of information to which they have access. So, assess and develop appropriate security measures while recognizing one approach doesn’t fit all.
- Watch out for compliance gaps. Compliance is closely related to security. Protecting and governing corporate data has become the top priority for businesses seeking to modernize their workplace, especially with GDPR and the CCPA creating major pressures to stay compliant. A number of compliance features have been turned on for Microsoft Teams and Office 365, such as data sensitivity labels and keyword monitoring for suspect behavior (such as insider trading). Microsoft has also recently released a separate Compliance Center and a new Compliance Score to complement the already popular “Secure Score” and Security Center tools. Read more on how to close out compliance gaps.
Getting the balance right between risk and productivity is critical, especially at a time when many bank staff are working remotely.
With each of our current blogs we’re sharing a good news story …
DBS in Singapore is working with two start-ups, Oddle and FirstCom, to help crisis-hit cafes to set up an online food ordering site in three business days. Oddle will support DBS clients by creating an online menu with integrated shopping cart, order management and payment gateways. FirstCom will promote outlets that already offer an online delivery service through social media marketing and help new customers set up a digital presence in less than five working days. FirstCom will integrate DBS’ digital merchant collections software as a payments and collections option. DBS will absorb the set-up costs and waive fees for the first six months.
During this time banks have the opportunity to be a powerful force for good. Customers will remember how they were treated. Banks can significantly influence their reputation by the way they behave at this time.