Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Business

Work from home security concerns for banking & finance businesses

Published : , on

By Paul Baird, Chief Information Security Officer, Qualys 

While remote working was initially adopted in a frenzy, many have since embraced the comfort and convenience of working from home and businesses have benefited as a result, with cost savings, improved employee wellbeing and enhanced productivity for most. Now that more than 80% of businesses are set to continue this for at least one day per week (Gartner), it’s clear that long-term remote working and increased flexibility generally will be a key part of the modern working approach. 

Yet, many businesses are still grappling with the connectivity and security risks that this brings. New research from Advisen has found a strong link between remote working and incidences of cyber attacks, with the financial sector the second most frequent target for attacks. As one of the most highly regulated industries and the nature of sensitive data held by banks and finance businesses, bad actors are preying on the recent disruptions to working approaches as opportunities to exploit this sector. 

Users play their part

One of the biggest security concerns caused by remote working is phishing scams. At the start of the pandemic, phishing emails increased by 667% in just one month. When working from the comfort of their own sofa, staff can easily fall victim to bad emails, links or files that they ordinarily would have been more savvy toward. Many security teams may have distributed security reminder posters around the office, but now that most offices remain empty, those posters are likely to be gathering dust and the messages long forgotten. 

Particularly during school closures when many professionals were juggling both work and homeschooling, corporate devices often became multi-use to serve everyone at home. Policies around this will vary across organisations, but the sensitivity of data that many employees within the banking and finance industry handle means this could lead to disastrous consequences. One absentminded click of a button could share data online or give hackers access to the systems that contain such data without the user’s knowledge. 

Paul Baird

Paul Baird

Perimeter based tools no longer fit the bill

The unknown and unsecured nature of home networks has created a further challenge for IT teams. Research from Bitsight found that nearly half of organisations had one or more devices accessing its corporate network via a home network that was infected with at least one piece of malware. Bad actors could likely infiltrate that home network and use it to laterally gain access to the corporate network and the critical assets within it. 

This is particularly concerning when the traditional controls may no longer be in play.  At the start of the pandemic, trusty VPNs that many organisations previously relied on for network access weren’t set up to cope with the sudden increase in demand. IT teams didn’t have the quantity of licences needed to cater for the entire workforce every day and scaling up presented a drain on bandwidth. When the mandate from management was “get everyone online as quickly as possible”, teams may have had to throw out their disaster recovery plans and forgo some security controls in order to maintain productivity.

Remote work has enabled a more flexible approach for some, but as many as 53% of workers feel that they need to be available throughout the day (CIPD 2021). As a result, security monitoring systems that analyse user behaviour to spot anomalies and detect breaches are now struggling to keep up. Logging on at irregular times, from unfamiliar locations or using new applications can all cause false positives and lead to alert fatigue . This has a knock on effect on security operations teams, where 60% feel overwhelmed by the volume of alerts and nearly half (43%) are struggling to prioritise and respond to alerts effectively (Forrester 2021). 

Other traditional security tools such as those that monitor endpoints and inventory assets in relation to the network could now be picking up personal data and devices that are also using the employee’s home network. This leaves IT and security teams with the dilemma of achieving an ethical balance between corporate security and individual privacy. Modern solutions enable greater control of exactly who, what, and when scans take place with an agent-based approach. This ensures security teams will only scan and have visibility of what is on the machine that has the agent installed. 

Re-align to today’s threat landscape

Now that the initial panic has subsided and we look to embrace differing levels of remote working long term, now is a good time to reassess our security posture, particularly the basic hygiene measures that fell to the weyside after the turbulent events of the last year. Traditional approaches required perimeter-based security with a focus on-premise, but cloud-based solutions will now deliver far greater support to IT and Security teams to protect both remote and on-premise endpoints. These new tools connect directly to the cloud via the internet, rather than large volumes of traffic attempting to stream through VPN gateways causing delays to implement vital patches or software updates. 

This solution is so much more than technology alone however, and those behind the screens shouldn’t be forgotten. Re-investment in cybersecurity training is more important now than ever before. A lot has changed since Covid-19 first hit, so re-education to combat today’s threat landscape is vital. Instead of an hour long webinar or an extensive written manual, the most effective training makes use of humour and relevant examples from daily life to ensure employees remember and follow best practices wherever they’re working from.

Wanda Rich has been the Editor-in-Chief of Global Banking & Finance Review since 2011, playing a pivotal role in shaping the publication's content and direction. Under her leadership, the magazine has expanded its global reach and established itself as a trusted source of information and analysis across various financial sectors. She is known for conducting exclusive interviews with industry leaders and oversees the Global Banking & Finance Awards, which recognize innovation and leadership in finance. In addition to Global Banking & Finance Review, Wanda also serves as editor for numerous other platforms, including Asset Digest, Biz Dispatch, Blockchain Tribune, Business Express, Brands Journal, Companies Digest, Economy Standard, Entrepreneur Tribune, Finance Digest, Fintech Herald, Global Islamic Finance Magazine, International Releases, Online World News, Luxury Adviser, Palmbay Herald, Startup Observer, Technology Dispatch, Trading Herald, and Wealth Tribune.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post