Many companies within the financial services industry now embrace remote working environments. New technologies provide opportunities for employees and independent contractors to work outside the traditional office in remote or home offices. Sales staff, customer service agents, and even underwriters can effectively operate in separate locations while remaining connected to the job via computers and the internet. Companies benefit from lower costs, reduced turnover, higher productivity, and improved job satisfaction among those who participate.
When considering a remote working arrangement, financial service companies must also consider the security risks sustained with a remote workforce. Policies and procedures must address compliance requirements, securing electronic devices, and protecting sensitive company and customer data and assets.
Key Security Risks Involved When Supporting Remote Workers
Security risks fall under two main categories: Cybersecurity and Physical Security.
A remote workforce increases the need to address both cyber and physical security at the remote location. The transition must meet compliance requirements, protect the safety of the worker, and guard against both online and physical security threats.
Online Security Breaches
In financial services, online security breaches get the most attention. One mistake can put millions of records at risk of identity theft, costing the company money, and eroding customer trust. To protect against losses, companies institute security measures that address the threat of both outside hackers and internal theft.
Remote workers add another layer of risk because it is more difficult to monitor employees and independent contractors from afar. When setting up a remote office, the business must secure the equipment used as well as the internet connection. An employee logging in through an unsecured network or device can put proprietary data at risk of a security breach. Coffee shops, hotels, and other public systems do not provide the security levels needed to secure sensitive data. This inadequate security can lead to hackers eavesdropping on confidential files or transactions.
Ways to Mitigate the Risk of an Online Security Breach:
- Secure the Connection: Require remote workers to use an approved VPN for all online activity, reducing the risk of eavesdropping when completing business on public networks. A VPN, or virtual private network, will cloak the user’s location and encrypt data transmissions providing higher levels of security.
- Install a Secure Network at the Remote Location: Employees or independent contractors working from home will benefit from a network system with protocols equal to those used in business offices.
- Install Whole Device or Whole Disk Encryption on Electronic Devices: Virus protection and firewalls can catch spamming efforts but will not protect data transmissions. Disk or system encryption software scrambles emails, chats, and other electronic communication that could leak sensitive or confidential information.
- Limit Remote Worker Access: Evaluate the level of access needed by remote workers. Only provide credentials to data or assets essential to the job. Access control systems allow managers and executives to grant and terminate electronic access in a matter of seconds. When dealing with sensitive data, accessed in a remote location, stricter access protocols can limit losses in the event of a security breach.
- Require Strict Login and Password Credentials: Recurrent password changes, multi-layered authentication, and strict login requirements hinder unwanted access to information. These measures can even help if an employee or contractor loses a device containing confidential data.
Physical Security Breaches
Physical security breaches come in many forms. They include lost or stolen devices, visitors gaining access to a secure building, lost keys, or private property falling into the wrong hands. Physical security breaches can come from either external or internal sources, creating a challenge for security experts to put practices in place in remote locations.
Securing a business often includes hiring security guards, installing surveillance cameras, and issuing key cards that restrict and control access. Remote locations often cannot use these traditional forms of security.
Ways to Mitigate the Risk of a Physical Security Breach:
- Emphasis on Training: Remote workers must maintain the security of confidential information as they would in a traditional office to meet compliance requirements. Office protocols must remain consistent regardless of where the employee or independent contractor work. Whether they work in a shop or a home, employees and independent must understand and maintain appropriate security practices as it relates to customer and company confidential information.
- Secure all Company Issued Electronic Devices: Lost and stolen devices can expose a company to a security breach. Using cloud-based storage reduces the amount of confidential data stored on devices, reducing company risk. Another way to protect company records is to install a remote wipe feature on all company–issued devices. The wipe feature can effectively mitigate the risk by erasing the data stored on the device in the event the tablet, laptop, or phone is lost or stolen.
- Use an Access Control System that Tracks Activity: New technologies can track employee activity, log time, and record what confidential information the employee retrieved while working.
- Secure Office Equipment and Desks: Despite the increased access to all things digital, employees continue to print out volumes of paper. Remote workers are subject to these same habits of printing itineraries, customer files, and other documents containing proprietary data. In addition to securing all electronic devices, remote workers must also obtain all doors and drawers that store confidential information.
Senseon electronic access control systems provide secure locks that keep all doors and drawers protected. They also offer audit trail to monitor remote employees and mitigate the risk of a security breach.
Financial services continue to use more remote workers as new technologies make setting up satellite offices easier and cheaper. Amid these transitions, it’s increasingly necessary to take proactive steps in ensuring the company does not take on additional risks.