By Martin Ward, Director, Security Governance Risk and Compliance, iManage

Will finance professionals return to their offices once the pandemic fades away?

If Goldman Sachs had their way, they’d have all their professionals back at their desks as soon as possible, chalking up the remote work of the past year as an aberration. Meanwhile, over at JP Morgan, the plan is to allow approximately 10% of its workforce to work from home full time, with others able to work remotely at least some of the time.

As for Wells Fargo? They’ve told their roughly 200,000 employees working away from the office to plan to do so for quite a few more months, until early September.

In short, across the banking and finance world, there is no one, single plan of action. It remains to be seen exactly how things shake out or in what numbers people will return to the office. However, one thing that seems clear is that a hybrid model that combines remote work-from-home arrangements with in-office work will continue for the near to medium term.

Given this reality, it becomes more important than ever to be aware of the security and data protection risks of working from home – and the role the cloud can play in overcoming these challenges.

The Risks of Being Remote

When it comes to working from home, risk can arise in a multitude of ways. Risk might come from a remote worker who starts routinely mixing ‘business and pleasure’ by using their work laptop for personal emails or web browsing – in the process, creating a much riskier profile than if they were at the office.

In addition to using a work laptop for personal activities, they might start using their personal computer for work activities. Perhaps a user decides to ‘quickly’ hop on their home computer over the weekend to browse some spreadsheets or crunch some numbers because it’s more convenient than digging out and booting up their work laptop. Given the fact that users are three and a half times more likely to have malware on their home PC’s than their desktops in the office, this is a quick way to introduce significant risk.

Then there’s the ever-present threat of phishing attempts and malware, which shows no signs of slowing down. As the global guardians of wealth and capital, financial services organisations remain a perpetual favorite target of bad actors, and by some estimates, cyberattacks are up 400% compared to pre-COVID-19 levels.

Essentially, successful remote working requires carefully navigating a series of potential security landmines every single day – because all it takes is one wrong step for sensitive and confidential data to be compromised.

Moving to the Cloud, Reducing Vulnerabilities

In this ongoing security war, consider the cloud a weapon that helps level the playing field for banking and finance organisations who have professionals working from home as part of an ongoing hybrid work model.

The cloud is a logical move for many reasons, starting with the fact that most cloud vendors simply have more resources that they can dedicate to security and keeping up with all the latest developments and advancements around how to develop and deliver a platform that keeps information secure and governed.

The more that enterprises can remove systems and data from on-premises environments and shift them to the cloud, the more they’ll reduce the size of the target on their back, and the better off they’ll be.

A move like this means that all those finance professionals who are working from home – either on a temporary or more permanent basis – will be logging into cloud systems that are highly secure and protected. They’ll be able to get work done and collaborate – both internally with colleagues, as well as externally with clients and partners – securely.

The systems that should make the leap to the cloud aren’t just the likes of billing, CRM, or document management – security technologies such as identity management and threat monitoring also need to shift from on-premises to the cloud. Having real-time, 24/7 monitoring based on an individual’s own unique behavioral profile helps identify any suspicious activity happening on a remote worker’s device.

Are they accessing or downloading more files than normal? Is there an unusual amount of traffic coming from their device? Having cloud-based threat detection can mean the difference between a breach that is immediately detected and one that goes unnoticed for days, weeks, or months.

Less Touch Means Less Risk

Just as moving to the cloud helps remove vulnerabilities for finance organisations, there are ways that a cloud itself can be designed and architected to remove vulnerabilities and reduce the potential for data to be compromised.

Security approaches such as Zero Trust and Zero Touch are key here. A Zero Trust framework assumes absolutely no level of trust, whether that’s trust of networks, trust between host and applications, or even trust of super users or administrators.

Zero Touch goes one step further, using automation to take the human out of the equation for everything from routine server maintenance to more advanced troubleshooting – ensuring that no employee actually has hands-on access to sensitive data.  With these approaches, organisations can actually ‘automate out’ the weakest link – i.e., humans – for much enhanced data security and protection.

This type of security framework is difficult to implement retroactively, so finance organisations should ensure that in moving to the cloud they’re not simply swapping one security risk for another by moving to a poorly architected cloud platform that can’t accommodate Zero Trust or Zero Touch principles.

But if they choose wisely, finance organisations can ensure that their move to the cloud provides the strong, robust security that they need for their data – safeguarding against risks and ensuring that their professionals can continue working both remotely and securely for as long as needed.