By ECI | Tuesday, May 16, 2023
Our previous post showed how the hybrid or remote workforce can remain highly productive, assuming the right capabilities and platforms for employees to connect and collaborate are in place. The catch is that these accommodations in today’s workplace mean the IT environment will need enhanced security. As more collaboration tools are deployed across a more distributed array of remote devices and endpoints, attack surfaces expand and the number of threats capable of wreaking havoc on a financial organization multiplies.
Fortunately, the right approach to cybersecurity, and the right MSP partner to help design and implement it, can address these vulnerabilities so firms can reap the benefits of the modern remote workplace, while sidestepping the potential security drawbacks.
Remote Workplaces Complicate the Cybersecurity Picture
In the pre-pandemic era, when most employees were working in the same office, it was easier to know what devices they were using, understand what data they were accessing and spot problematic user behavior. Things are more complicated with today’s hybrid workplace, where far more company data lies beyond the old-school perimeter and more employees are working from unmanaged personal devices.
Modern attackers can breach an employee’s home network and use this access to sneak past the perimeter of more hardened corporate networks. They can also pilfer business data by stealing laptops and personal devices from coffee shops and other favorite hangouts of today’s remote workforce. What’s more, phishing, social engineering and other attacks tied to user behaviors are booming in an era where remote workers can breeze through the slides of a computer security PowerPoint rather than sit through an in-person training, often forgetting or underestimating the importance of individual cyber hygiene.
The challenges are especially steep for financial services companies, thanks to the higher regulatory bar tied to financial transactions and data. These regulations are not only steep, but they’re global – as financial information remains subject to GDPR in the EU, the UK’s Cyber Essentials, multiple security rules in Hong Kong, and the SEC in the U.S., just to name a few.
Key Priorities for Securing Hybrid Work Environments
While each organization will need to customize its approach somewhat to safeguard its own specific remote workforce operations, there are some common components that typically make up the successful approach to securing such environments.
To begin with, some form of multi-factor authentication (MFA) or other access management protection is table stakes for any remote work ecosystem. And it’s important that these protections cover every platform that is accessible from the Internet, including VPNs, G-Suite, Office365 and other SaaS platforms. Extra layers of authentication, such as requiring multiple people to sign off on a request, should be applied for high-risk scenarios like initiating a wire transfer of a substantial sum of money.
Continuous monitoring is another key priority. With employees logging in from anywhere, at any time, having around-the-clock intrusion detection and prevention is non-negotiable. A Security Information and Event Management (SIEM) system can aggregate and analyze data and activity across IT infrastructures, offering real-time security analysis to proactively identify risks; and a more advanced XDR system can add endpoint protections as well.
Virtual private networks (VPNs) are also essential for securing the hybrid workforce, since VPNs establish an encrypted and private connection, even on a public network. The caveat is that not all VPN access is created equal, so configuration help from seasoned network engineers may be necessary. Throughout, transparency with the workforce is key; protocols and cybersecurity guidelines must be communicated clearly and often to everyone who accesses company systems – regardless of where or how they’re doing so.
Given the to-do list, financial firms invariably find they need the help of a qualified MSP to secure the modern workplace. Especially with advanced systems that may leverage machine learning and statistical analysis to help interpret user behaviors and flag anomalies, you really need a team of experts that can contextualize and interpret cyber-risks in real time, filter out the noise and respond proactively to the most critical threats. Otherwise, the benefits of today’s remote and hybrid workforce will be outweighed by the cybersecurity drawbacks.