Sep 08 2021

How Banks Can Protect Their Hybrid Workforces

Hybrid work will be sticking around. How can banks make sure they’re keeping employees and data safe over the long term?

Driven first by necessity, remote work has held its own over time as a practical and productive way to keep staff connected and keep bank operations up and running. While many banks are now making the transition back to more routine office life, most are opting for a hybrid framework. As noted by The Wall Street Journal, for example, Swiss bank UBS will allow two-thirds of its staff to split their time working in the office and at home.

No matter what hybrid approach banks choose, however, they must establish security policies that provide clear expectations for staff and reduce the possibility of data breaches. This is especially critical as retail transaction volumes ramp up across recovering global economies. Banks will be busier than ever in the coming months and can’t afford the risk of insecure hybrid environments.

Here’s what banks need to know about delivering consistent, comprehensive and actionable remote control.

Banks Are Targets for Phishing and Ransomware Scams

While security threats are continually evolving, the pandemic provided an opportunity for attackers to leverage phishing and ransomware more consistently against the banking industry, which now ranks third, ahead of retail, among the most-popular targets of “brand phishing.” 

This type of phishing attempts to mimic the webpages and URLs of familiar and trusted brands and convince bank staff to click through to malicious websites or download attachments which then compromise their account details.

Ransomware, meanwhile, continues to be the most pervasive and prevalent threat for banks. As noted by Banking Exchange, several U.S. banks were targeted in July as part of a $70 million attack carried out by the REvil cybercriminal network. 

Remote Work Breeds Bad Security Habits

Banks have historically relied on in-person, brick-and-mortar services even as other industries made the shift to digital frameworks. The pandemic upended this posture by forcing sudden shifts to remote work, and while productivity didn’t suffer as much as predicted by naysayers, there’s now a push to get back into the office. With public health policies constantly evolving, however, banks must retain hybrid flexibility to ensure continued operations.

This has led to emerging worries around secure hybrid work, including:

  • User access. Banks deal with highly sensitive personal and financial information governed by specific compliance and regulatory expectations around data due diligence. While hybrid work makes it possible for staff to stay on track at home, it also introduces the issue of potentially noncompliant access if employees are using insecure network connections or weak passwords.
  • Cultural disconnection. As noted by research firm McKinsey, hybrid work has contributed to cultural disconnects, especially if firms lack clear direction on return-to-work plans. Lacking the structure of in-house operations, staff are more likely to opt for speed over security, in turn opening potential avenues for attackers.
  • Absent oversight. According to CPO Magazine, lack of IT oversight has led to the adoption of risky behaviors among staff: Thirty-six percent of employees said they had discovered unapproved “workarounds” for company policies while working from home, and 49 percent said they adopted this risky behavior because IT departments weren’t watching.

WATCH: Invest in the right tools to protect your new way of working.

Practical Steps Banks Can Take for Protection

For banks to boost hybrid work protection, three steps are critical:

  • Regular security assessments from trusted third parties can help significantly reduce risk of data exposure. Here, banks should look for providers that offer end-to-end solutions including internet, intranet, application security, social engineering, incident response and simulated attack assessments to pinpoint key vulnerabilities and help create targeted remote work roadmaps.
  • Ongoing staff education remains the cornerstone of improved security response. Regular training around spotting phishing emails and reporting ransomware threats can both increase defensive success and create a culture that prioritizes communication around compliance and security processes.
  • Consistent protection policies around role-based access control, data usage and storage, and secure network connections must be clearly defined and broadly applied. In practice, this means that no matter where staff are working or what their role is in the organization, these rules apply equally.

Hybrid work isn’t going anywhere. Banks must make the move and adopt more robust security practices to deliver comprehensive remote control.

This article is part of BizTech's EquITy blog series. Please join the discussion on Twitter by using the #FinanceTech hashtag.

Equity_logo_sized.jpg

metamorworks/Getty Images