Cybersecurity Considerations for Remote Financial Services Workers

With so many people still working remotely because of the coronavirus pandemic, cybersecurity remains a top priority. That’s especially true in highly regulated industries like financial services.

Despite how heavily regulated financial services are, there are still many company leaders who don’t understand the true cybersecurity threats their employees face when they’re working remotely.

The following are some of the big things to know about remote workers in the financial services industry.


Consider a Cloud Workspace

Utilizing a cloud workspace for financial services should be an important part of your overall remote work and cybersecurity plan.

A cloud workspace will feature built-in mechanisms for both security and compliance.

A cloud workspace should be up to date with current compliance requirements, so employees can access databases and applications at any time and on any device without worrying about compromising cybersecurity.

This can also solve some of the problems that come with employees using multiple devices to work. Since they’re logging in using the cloud workspace, any device they’re accessing company information from will be secured.


Understanding the Risks

A big part of protecting your employees, your assets, and your business relies on having a true understanding of what the risks are. If you don’t know the risks, you can’t fight against them.

For example, according to recent data, organizations that fall into the category of financial services experience up to 300 times more cyber attacks every year than companies in other industries.

The cyberattacks waged against financial services companies went up 238% from February to April 2020, amid COVID-19.

You’re going to be able to get started developing a more effective and robust cybersecurity strategy simply by knowing what you’re facing.


Use of VPNs

One good option for employees who work remotely in financial services could be the use of a VPN as well. A VPN is a virtual private network, which securely connects employees to their employers’ services while they work remotely.

A VPN creates an encrypted tunnel.

Traffic is routed through it, and the IP address, location, and identity are hidden. That means that data belonging to your company, your employees, and your clients is hidden.

If there’s even a chance that your employees are connecting to a public Wi-Fi network while they’re working, the use of a VPN is even more critical.

Besides adopting a VPN, you need to think about protecting the VPN itself. One of the best ways to do so is to enable multi-factor authentication (MFA) for the corporate VPN. With MFA it is possible to protect employees from both inbound and outbound threats when they work from home. Choosing the right security solution for VPNs is important to keep the company’s sensitive data safe. For example, if a hacker can access an employee’s Citrix VPN running on the laptop, they might be able to steal sensitive corporate data and cause irreparable damage. Enabling Citrix MFA will help to prevent this by authenticating a user before granting access.


Multi-Factor Authentication

You should set up multi-factor authentication for your employees’ accounts because one password alone is not enough protection, especially in financial services.

Multi-factor authentication requires users to verify their identity with more than one piece of information before they can access an account.

For example, even if a password is compromised, the cybercriminal is unlikely to also be able to get that person’s mobile phone, which they would need in order to fully breach the system.

The more layers of protection you have, the better, especially when there is the uncertainty that comes with your employees working remotely.


Set Guidelines For Employees

You need to make sure that you provide your employees with the tools and technology they need to safeguard sensitive data, and then on their end, it’s important that they follow certain guidelines.

Some of the things that you need to ensure your employees do when they’re working remotely include:

  • Tell your employees not to connect to the company network, apps, or tools using a public Wi-Fi connection if at all possible. Public Wi-Fi connections are a huge risk, which goes back to the tip above: use a VPN connection before accessing information or systems.
  • There is a growing trend where cybercriminals are using video conferencing tools to steal information. Your employees should not accept call requests on platforms like Zoom or Microsoft Teams from anyone they don’t know.
  • Your employees have to read all emails carefully. They need to go over the details, including the email address of the sender and their name and contact information. Tell employees they should also be mindful of language that asks them to take any particular action, particularly if it says to do so quickly.
  • Give employees guidelines for updating software, apps, and tools regularly.
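The email checks in the list above (sender address, sender name, and language pushing for quick action) can also be applied automatically as a first pass before a message reaches an employee. The following is an added example, not part of the original article; the staff directory, domains, phrase list, and sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed values for illustration only (not from the article).
KNOWN_STAFF = {"dana whitfield": "dana.whitfield@examplebank.test"}
URGENCY_PHRASES = ("urgent", "immediately", "right away", "as soon as possible")


def domain_of(address):
    return address.rpartition("@")[2].lower()


def review_email(raw):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []
    # Sender name matches a known colleague, but the address is not theirs.
    expected = KNOWN_STAFF.get(name.strip().lower())
    if expected and from_addr.lower() != expected:
        findings.append("display-name-mismatch")
    # Replies would be sent to a different domain than the sender's.
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        findings.append("reply-to-mismatch")
    # Subject or body pushes the reader to act quickly.
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()
    if any(phrase in text for phrase in URGENCY_PHRASES):
        findings.append("urgent-language")
    return findings


SPOOFED = """\
From: Dana Whitfield <dana.whitfield@examplebank-mail.test>
Reply-To: payments@invoice-desk.test
To: ap@examplebank.test
Subject: Urgent wire transfer

Please process the attached payment immediately and confirm by reply.
"""

ROUTINE = """\
From: Dana Whitfield <dana.whitfield@examplebank.test>
To: ap@examplebank.test
Subject: Q3 budget review notes

Notes from Tuesday's meeting are on the shared drive.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("routine", ROUTINE)):
        print(label, review_email(raw))
```

A message sent from a genuinely compromised internal account would pass the first two checks, which is why employee training and a second channel for confirming payment requests still matter.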

Phishing Training

While in many ways, cyber threats have grown tremendously in scale and sophistication in recent years, at their core, they have remained the same. One of the most successful types of attack that is waged against organizations is still the phishing attack.

Avoiding a phishing attack doesn’t require a lot of sophisticated technology. It just requires that your employees are well-trained and mindful.

Phishing attacks have gone up significantly since the coronavirus pandemic began, and many of these campaigns are actually linked to the pandemic in some way. For example, a growing issue is the use of phishing that pretends to provide important information about the pandemic, with cyber attackers posing as a trusted source like the CDC.

Employees need to be well-trained in how to identify phishing and how to avoid it. This training should be updated often because while the basics of phishing stay the same, the approach can change.

Too often, companies in financial services will get so caught up in the technical aspects of cybersecurity and making sure they have the best tools in place that they forget that the human component really can be the biggest risk.

For example, according to IBM, human error accounts for around 23% of all breaches.

Along with the standard type of phishing detailed above, another risk is the business email compromise scam, or BEC. In this type of attack, the criminal uses the compromised email account of a senior staff member to ask an employee to do something that seems legitimate. However, the criminal supplies their own address, or they might hide malware in the email so that when it’s clicked, it can infect the device and maybe the entire network.

There’s no better time than now to evaluate your current security protocols and also think about providing cybersecurity training to employees.