BID® Daily Newsletter
May 9, 2019

BID® Daily Newsletter

May 9, 2019

Cybersecurity Best Practices For Teleworkers

Summary: As the remote work trend intensifies, it brings to the forefront the importance of strong cybersecurity practices. We provide some insight.

The problem with remote work for your employees could be distraction related. After all, a whopping 23% of millennials still live with their parents, according to Zillow research. So, noise levels at home might not be conducive to such things. Bankers will need to think about the broader context for sure, no matter the path chosen on remote working arrangements.
To help you here, we remind our readers that we recently wrote about the growing trend of flexible work arrangements, which includes working remotely. As this trend intensifies, it brings to the forefront the importance of strong cybersecurity practices.
Community banks can be particularly at risk when it comes to remote work security risks, since they tend to have fewer resources. As such, if you are planning on having teleworkers (aka remote employees), it's important to establish a well-defined policy for them. This includes utilizing strong passwords that can't be re-used, since replicating passwords can leave multiple systems vulnerable to compromise. Two-factor authentication is also a must, since password credentials can be breached.
It's also advisable to encourage employees to log off at the end of the day and turn off network sharing and Wi-Fi and Bluetooth connectivity (or have your IT team force a shutdown through the system each night to effectively "lock" open doors). Banks should ensure that their software employs end-to-end encryption too.
An additional idea is to limit employees' access to sensitive data whether at work or remote. This is true for all employees, but can be especially important in the case of remote workers. Employees should only have access to data they need for their job. It's also advisable to restrict employees from downloading unapproved software onto any corporate equipment.
Banks also need to ensure that any devices used by remote employees have up-to-date firewall, anti-malware, and anti-virus software. These devices should be fully encrypted for protection in the event it is lost or stolen too. Additionally, banks should make sure they have the capability to remotely wipe corporate devices if and as needed.
Another must is for remote workers to log in securely via VPN, for example. Employees who log in via unsecured Wi-Fi are a danger to the bank's intellectual property. This can be especially nettlesome since many mobile devices have Wi-Fi auto connect features.
Banks can't afford to take for granted that remote workers are following all the rules. Rather, monitor remote workers using any number of tracking apps. Be mindful that some states may require employee consent for these purposes too.
For cost-savings and convenience, there's been growing demand to allow remote employees to use personal devices for work purposes, but banks need to understand the risks such as the potential for cross-contamination. One cyber regulator some time ago said they saw "bring your own device" more as "bring your own danger" when it comes to banks, so be extra diligent.
When it comes to security for remote workers, there's no simple solution, so expect to refine as you go and have layers of protection. It's critical for banks that offer this option to be sure intellectual property remains secure as well.
Subscribe to the BID Daily Newsletter to have it delivered by email daily.

Related Articles:

Educating Customers on the Risks of Gaming Platforms
Online gaming platforms have become extremely popular in recent years, with 76% of children under 18 playing regularly and connecting their parents’ credit cards and bank cards to their gaming accounts. Financial education about the risks of online gaming payments can add value for young and older customers alike.
Spoofers Target CFI Customers
A June 2022 report from Allure Security, a cybersecurity firm that specializes in protecting financial institutions, says that about 20% of CFI’s are the targets of website impersonation attacks. Rather than simply assume that website impersonation attacks are something that happens to larger banks, CFIs should be proactive about protecting themselves and their customers from this kind of fraud. We explore a few tactics to keep your CFI and your customers safe.