This type of phishing attempts to mimic the webpages and URLs of familiar and trusted brands and convince bank staff to click through to malicious websites or download attachments which then compromise their account details.
Ransomware, meanwhile, continues to be the most pervasive and prevalent threat for banks. As noted by Banking Exchange, several U.S. banks were targeted in July as part of a $70 million attack carried out by the REvil cybercriminal network.
Remote Work Breeds Bad Security Habits
Banks have historically relied on in-person, brick-and-mortar services even as other industries made the shift to digital frameworks. The pandemic upended this posture by forcing sudden shifts to remote work, and while productivity didn’t suffer as much as predicted by naysayers, there’s now a push to get back into the office. With public health policies constantly evolving, however, banks must retain hybrid flexibility to ensure continued operations.
This has led to emerging worries around secure hybrid work, including:
- User access. Banks deal with highly sensitive personal and financial information governed by specific compliance and regulatory expectations around data due diligence. While hybrid work makes it possible for staff to stay on track at home, it also introduces the issue of potentially noncompliant access if employees are using insecure network connections or weak passwords.
- Cultural disconnection. As noted by research firm McKinsey, hybrid work has contributed to cultural disconnects, especially if firms lack clear direction on return-to-work plans. Lacking the structure of in-house operations, staff are more likely to opt for speed over security, in turn opening potential avenues for attackers.
- Absent oversight. According to CPO Magazine, lack of IT oversight has led to the adoption of risky behaviors among staff: Thirty-six percent of employees said they had discovered unapproved “workarounds” for company policies while working from home, and 49 percent said they adopted this risky behavior because IT departments weren’t watching.
WATCH: Invest in the right tools to protect your new way of working.
Practical Steps Banks Can Take for Protection
For banks to boost hybrid work protection, three steps are critical:
- Regular security assessments from trusted third parties can help significantly reduce risk of data exposure. Here, banks should look for providers that offer end-to-end solutions including internet, intranet, application security, social engineering, incident response and simulated attack assessments to pinpoint key vulnerabilities and help create targeted remote work roadmaps.
- Ongoing staff education remains the cornerstone of improved security response. Regular training around spotting phishing emails and reporting ransomware threats can both increase defensive success and create a culture that prioritizes communication around compliance and security processes.
- Consistent protection policies around role-based access control, data usage and storage, and secure network connections must be clearly defined and broadly applied. In practice, this means that no matter where staff are working or what their role is in the organization, these rules apply equally.
Hybrid work isn’t going anywhere. Banks must make the move and adopt more robust security practices to deliver comprehensive remote control.
This article is part of BizTech's EquITy blog series. Please join the discussion on Twitter by using the #FinanceTech hashtag.