As healthcare experts work to mitigate the Covid-19 pandemic, the banking industry is faced with fighting other viruses.
Cyber attackers are known to be opportunistic, pouncing during times of anxiety and uncertainty. Rest assured, they won’t let up once the coronavirus has run its course. While information technology directors are focusing their attention on processing huge volumes of Small Business Administration loans and assisting bankers working remotely for the first time, computer virus and malware threats continue to rise. If not handled effectively, this could threaten the security of the financial system.
Dr. Anthony Fauci, head of the National Institute of Allergy and Infectious Diseases, cautions that Americans need to prepare for the possibility that Covid-19 could return — or even become a seasonal disease. With such prospects, savvy bank directors should familiarize themselves with their institutions’ data security and technology infrastructure. Here are six points to consider when assessing the future of their bank’s information security system:
Look again at business continuity plans. While your bank may have one, it likely did not consider the immediate worldwide demands for laptops and network hardware needed to configure remote work capabilities. Nor did these plans likely consider supply chain interruptions when factories shut down in Asia, where the virus was first detected. The lesson: If you wait until the next global emergency occurs, you might be too late. Plan now.
Consider the increased risk with more employees working remotely. The larger the inventory — coupled with less control of who uses the computer — the tougher it is to protect. An even more concerning practice is allowing bank employees to use personal computers to access bank networks. Firewalls, spam filters, anti-virus software and other security measures should not be determined by individual employees.
The Cybersecurity and Infrastructure Security Agency has issued guidance related to remote work and defending against Covid-19 scams. One of their tips is to ensure virtual private networks, or VPNs, have the latest software package and configurations, and that current anti-virus software is installed and up-to-date. Multi-factor authentication is another must-have for protecting your bank’s network.
Make sure you have enough IT support. Even before Covid-19, there were not enough qualified technical staff to fill available positions. The increased demand for remote connectivity has further stretched IT departments. Make sure your technology departments are fully staffed, or have access to qualified outside help.
Be sure employees are hyper-vigilant. Attackers hope that more distance between coworkers will equate to guards being lowered. Ensure that employees are regularly reminded of social engineering, email and other current threats to increase top-of-mind awareness of cyber security.
Be aware that some attacks are physical. We typically think of cyberattacks occurring “invisibly,” through system networks and software. But at least one entity is now mass-mailing infected “free” USB drives to financial institutions. Remind employees to discard any hardware that comes from unknown sources.
Consider the benefits of cloud technology. A recent article in The Wall Street Journal described how remote-work capabilities could become more common as money tightens and daily operations need more flexibility. Cloud computing is both more efficient and flexible, and is easily scalable. Bank regulators have taken notice, saying that outsourcing such technologies gives banks more options.
Time will tell, but this may be a turning point for American business. As more workers have established a routine for working from home — and have found surprising levels of efficiency and productivity — it’s expected that this could become more of the norm, at least in the near term.
Some in the financial services industry have been slow to change; they may now be forced to out of necessity. It’s incumbent upon directors to champion this flexibility and resiliency by ensuring their data security and information infrastructure are ready to handle it.