The risks have changed. So must our security strategy.
January signalled the end to the UK’s work from home order. Many financial service institutions are sounding the horn to return to the office.
But even as they do, one thing’s for sure. In this sector, hybrid working is here to stay. Both HSBC and Lloyds have announced they will cut office space by 40% and 20% respectively in 2022.
Teams have adapted to hybrid working. They’re enjoying the greater flexibility it offers. And they’ve even learned to get past the stilted Zoom chat. For many, it’s brought a rise in productivity. And let’s be honest, no one is in a rush to return to long, stuffy tube commutes…
But from a cyber security perspective, the fast shift to remote or hybrid working introduced many challenges.
Let’s talk about the risks
The hasty transition to remote work left many people in a tough spot. Some had no choice but to use non-trusted personal devices for work. Others, unsecured networks. Without the right systems in place, these actions led to an increase in entry points for malware.
As if businesses didn’t have enough to deal with, they faced a rise in phishing scams. Not to mention the spike of cyber attacks targeting financial service organisations. The first half of 2020 saw a 238% increase, according to VMware.
Many organisations rushed to shift from traditional data centres to the cloud. To get this done, some compromised or cut corners. And hackers were sure to take the chance to exploit any vulnerabilities this exposed.
Financial service organisations responded to these risks by reconsidering their cyber security strategies. They had to update their policies to better protect their sensitive customer data. And let’s not forget their reputation!
But even two years into the pandemic, some organisations are not able to deal with the increased risk. The technology might be in place. But have the people been given the right tools to navigate the ‘new normal’?
How can financial service organisations drive cyber resilience in their teams?
The modern workforce has adapted to fluid work locations. We’re experts in tackling whatever curveball the pandemic throws at us. And we’ve accepted its permanence.
Cyber security professionals need to step up to the plate. Remote working doesn’t have to be risky for businesses. But to keep secure, they should re-shape their security strategy for hybrid teams.
Traditional practices around centralised security are a thing of the past. Embracing the borderless security mindset is the way forward. Cyber security must be viewed beyond the sheltered walls of the office.
The future is creating a strategy that keeps employees safe. Whether they’re working from London, Latvia or Las Vegas.
Moving on from legacy measures
Security awareness training has played its role. But let’s recognise the need to go above and beyond this.
At this point, relying on endless e-learning and phishing simulations as the main defence is nothing but ignorant. The last thing people want or need is more boring training!
What people know doesn’t matter. At the end of the day, it’s what they do that counts.
Businesses need a strategy that goes further than targeting awareness. They need to aim to change behaviour and security culture as well. If your strategy is not centred on improving in all three of these areas, it’s failed before it’s even begun.
The answer is in your data
We live in a data-driven world. Organisations have a ton of it. And collecting data around specific goals can be key to informing their decisions.
Gathering data on how employees behave will help you understand what they are doing. More importantly, it will give visibility into why. Businesses can then use this to form their strategy and drive behaviour change.
Data can also be used to evaluate a business’s performance. Organisations should review often, and ditch any ineffective actions. And focus on doing more of the things that are working. It’s simple!
The truth is hybrid working has created a disconnect amongst teams within a business.
Online messaging has many uses. But it can’t replace those casual conversations over a cup of coffee in the office.
Having a co-worker glance over your shoulder to check something feels a whole lot easier than reaching out online.
*Ping* Sorry to message again, but would you mind having a look at xyz when you’ve got a chance?
It just doesn’t have the same ring to it.
But this could be the difference between checking with someone when you receive a malicious email and clicking on it.
When it comes to facing cyber risk, people are on their own more than ever before. As security professionals, it’s our responsibility to equip them with the tools to support and assist them.
Shape up, or face sanctions
Governing bodies have been clear that hybrid working is no excuse for firms not to meet regulatory expectations. Organisations are responsible for their compliance, global pandemic or not.
At the end of 2021, the FCA issued new guidance. Firms must now be able to prove remote working will not increase the risk of financial crime in their organisation. They’ll be evaluated on a case-by-case basis. And if they’re found lacking? They risk hefty consequences…
Even in a post-pandemic world (we’ll get there one day), the cyber security landscape will continue to evolve.
Having an agile strategy that moves beyond traditional ideas of security will be key to staying safe. And if ever you need help with this, we’re only a click away…
How can I manage human cyber risk in a hybrid working world?
Interested in learning more about how financial service organisations can manage cyber risk? The ‘Hybrid working is not an excuse for more crap e-learning’ webinar might be just what you need! Join the panel of industry experts and hear their discussion on how to use data to protect a hybrid workforce.