In the fallout from the COVID-19 pandemic, a surge in employees working from home means that banks are increasingly susceptible to phishing and other cyberscams. For example, exposure to malware on shared home devices could put banks at risk if processes and controls are not effectively managed.
According to the Centre for the Study of Financial Innovation’s “Banking Banana Skins 2021” report, “COVID is forcing operational changes on the banks, such as work dispersal and technological adaptation, which are opening up new opportunities for security breaches and cybercrime. A serious incident could cause havoc—in the worst (though very unlikely) case, bringing the global payments system to a halt.”
Many banks already had the infrastructure in place to support some level of remote working, but few could've expected the enormous surge in demand. These institutions must be able to verify that users are who they say they are, and that they're behaving in a manner consistent with their profile. Are they using their own devices? What's the policy around phones, tablets, and other devices?
As always, the solution lies at the intersection of people, process, and technology. Viren Patel, strategic industry advisor for financial services at Workday, explains how banks are dealing with this insider threat with a three-pronged approach: prevention, detection, and response and analysis.
“Prevention is always the first place to start. That means ‘at-the-door authentication,’ and includes the usage of password managers to generate secure passwords and to have good failure policies in place. It also incorporates multifactor authentication (MFA),” says Patel.
“Organisations should understand who their users are, what their roles are, and how authentication requirements change across roles. It’s important for businesses to understand that policy reviews and updates are critical over time.”