The COVID-19 outbreak has prompted banks to move with lightning speed toward mobile work arrangements—and with that move comes pressing new considerations.
Supervisors are adjusting to managing remote workers. IT departments are feeling the strain of equipping huge numbers of people with secure network access and mobile devices. And security issues must be reassessed in the light of massive workplace changes made in the month of March.
“Boards are going to have to look at the banks’ digital policies,” said Thomas Grottke, a managing director who leads performance improvement consulting services for financial institutions at Crowe. “Just because they were able to pivot to a digital work environment doesn’t mean they don’t have work to do. A question for directors to ask is, how can you prove that the digital environment is safe and secure?”
Ensuring the bank’s fail-over capabilities is also critical, says Christopher Maher, CEO of Ocean First Financial, referring to the ability to switch automatically with standby computer servers, systems, hardware and networks. “We have three data centers in three states,” he said. “In a crisis, you have to assume you might lose one.” The COVID-19 pandemic has underscored the importance of redundancy in work space solutions that facilitate secure and remote networking and collaboration, such as VPN and Citrix. “You need multiple platforms,” he stresses. “You have to assume any one could shut down.”
Cybersecurity is also urgent. “In today’s distributed environment, every company has people doing work from home, and now there are far more,” Maher said. “The bad guys know there is disruption. Efforts to safeguard customer and employee data cannot be overlooked even in a crisis.”
Judith Pinto, a managing director at Promontory, an IBM Company, said the surge in remote work, while necessary, by its nature elevates the cybersecurity risks for firms. And the fact that firms had to move so many employees to remote work so quickly increases those risks.
“You have to think about how employees are accessing corporate networks,” she said. “If they are using their own laptops, you have to issue warnings about keeping their systems up to date.
Questions directors can ask include: How have we ensured that remote employees know and adhere to the bank’s information security policies and standards? What are we doing to avoid unapproved workarounds, such as storing information outside of secured environments? If we are using video conferences, are they transmissions encrypted and set up and controlled from a central IT source?
Promontory also listed steps banks can take to communication practical steps for employees to take to:
- Ensure that wi-fi passwords adhere to the firm’s password standards
- Ensure that wi-fi router management software is kept current
- Connect to corporate networks using secure means
- Store critical and confidential data on secure drives
- Ensure that latest patches and software updates are in place on laptops or workstations
- Limit the use of personal phones for transmitting sensitive or confidential data