Managing fintech security remotely: overcoming challenges with WFH setups
As the world shifts to conducting business from home during the coronavirus (COVID-19) crisis, online transactions are surging. Financial transactions of all kinds are increasingly moving online, with consumers turning to ecommerce for the vast majority of purchasing needs, from groceries to household items.
The trends of remote work, online purchasing, and increased transactions bring new security challenges for fintech companies. Cybercriminals are taking note of all these new patterns, looking for opportunities they can exploit for their own monetary gain: ranging from going after consumers directly to phishing employees at fintech companies for a bigger payday. Research from TransUnion shows that as digital commerce has spiked recently, 22% of consumers have been targeted by digital fraud related to COVID-19.
As a result, the IT teams at fintech companies are straining to process a record number of transactions, support both customers and internal teams, and ensure security of all processes, even while they themselves are also dealing with the challenges of working from home. How can IT teams manage this all at once?
Let’s take a look at what IT staff can do during this time of crisis to ensure that financial transactions on the mainframe remain secure, from staying focused to educating employees.
Working from home comes with its own unique set of distractions, on top of the ever-present stress of these uncertain times. Whether your kids are looking for your attention, your dog is begging to go for a walk, or your cat has decided to perch on your keyboard, it’s understandable that it can be difficult to stay focused right now. But, these kinds of distractions increase the potential for human error that could leave systems vulnerable to cyberattacks.
Are the people who are responsible for security and risk management truly focused the way they need to be right now? If not, things are bound to slip through the cracks, and that’s a huge risk for financial companies. Worse still, even if your security admins are focused, they may be having trouble getting timely responses on issues they raise. In order to maintain security during this time, it’s essential that everyone in the security chain of command does what they can to stay focused on the security issues that could bring the business to its knees.
Handling remote access
Working from home also presents unique security challenges in terms of managing the vast number of employees who need remote access. Remote work means greater cloud usage and greater VPN usage, which can expose some of the security risks inherent in IT infrastructures that are built primarily on the cloud, rather than those that are primarily mainframe-based or hybrid.
Distributed security management requires the essential functions of authorisation, authentication, encryption and access control, each provided by a different group of individuals. These functions are greatly complicated when employees are working from home, and it’s a major challenge for fintech companies today.
Smart tokens that are usually used for authentication are expensive, and training is a nightmare. On top of that, help desks are straining to keep up with the volume of calls. Cloud computing companies don’t necessarily have the staff needed to reroute all of these employees through the appropriate firewalls. As a result, people are slipping through the cracks. It’s a hacker’s dream.
Invest in employee education
Work-from-home setups have dramatically increased the attack surface area, opening numerous avenues for cybercriminals to attack. As employees bring corporate devices onto unsecured networks, those devices are more susceptible to attack, since IT teams can’t control or protect home networks. With this more distributed attack surface area, we expect that cybercriminals will increasingly take a people-centric approach to phishing attacks. It’s a serious risk for fintech companies, who are responsible for protecting very sensitive customer information.
As a result, the success of an enterprise security strategy will largely depend on how quickly organisations can move from a network-centric approach to a people-centric approach to phishing prevention. Products like Zoom, in particular, are a nightmare for network engineers, as they are riddled with vulnerabilities of their own and difficult to manage.
Educating employees is one of the best ways fintech companies can defend against phishing attacks. Users are often the weakest link in phishing defence, as people are prone to engage in dangerous behaviour like opening email attachments from unknown senders. Organisations need to address the end-user awareness and knowledge gaps that could be negatively impacting cybersecurity defences.
That starts with developing and mandating phishing awareness training for all employees, so employees have the knowledge they need to make sure their actions aren’t creating more risk for the organisation. The success of these programs can be difficult to manage, since ultimately success means the absence of successful phishing attacks. But, fintech companies can use tactics like surreptitious testing to make sure employees have fully absorbed the lessons into their daily actions.
In this period of global uncertainty, our collective success will depend on how well we work together. That also rings true for IT teams tasked with managing security remotely today. Stay focused on your security management functions, but also take the time to invest in employee education, so your employees can help you in turn.