By Dave Waterson, CEO, SentryBay
It has become pretty obvious over the past couple of weeks that despite the ‘easing of lockdown’, few businesses have reverted to normal. Those employees in the financial services market who are returning to the office are doing so on reduced hours, but where possible, most seem to be continuing to work from home. Despite a recent PwC report finding that 70 per cent of CFOs are confident that their company can provide a safe working environment, 49 per cent said that they were considering making remote work a permanent option where feasible.
It seems likely that for the foreseeable future, the post-Covid-19 working landscape will be flexible. After the scramble to accommodate remote working in March, which proved challenging for many, now is the time for banks and financial services firms to consider how best they can protect their employees, not just from the pandemic, but also from the rise in cyber-crime.
A SentryBay survey amongst 1550 people working from home at the end of April showed that 42% had received suspicious emails and 18% had been faced with an actual cyber-security breach over the previous five weeks since lockdown began. This figure will undoubtedly have risen considerably since. A significant factor in this is the lack of dedicated security on the myriad of devices that remote workers have been using to connect to the corporate network. Lockdown was swift; it allowed little time for organisations to provide secure laptops and tablets that would ordinarily be used within the safety of the corporate perimeter.
This presented an opportunity for cyber-criminals, always on the lookout for technology vulnerabilities they can exploit. Endpoints, which can include workstations and printers but are more commonly tablets, phones, laptops and even home computers, are the weakest link in the security chain and the point at which 70 per cent of breaches originate, according to a report from last year.
Unmanaged devices pose a risk
Unmanaged devices present such a risk because they often run out-of-date anti-virus or internet security software, if they have it at all; they have a higher risk of compromise due to running counterfeit or unlicensed solutions; or they are operating from an untrusted network. The employer does not manage the software that runs on these devices and, particularly during lockdown, has had limited options for assessing and addressing any deficiency, yet still allows them access to the network and all the valuable data that is stored there.
Because unmanaged devices are unprotected, they can more easily be infiltrated with malware. Keylogging, in which malware is covertly installed to record keystrokes that can later be used to steal passwords and log-in details, is one method commonly used to steal data. In fact, keylogging spyware is ranked as one of the world’s most prevalent types of malware. But there are many other malicious techniques in use, including screen capture and screen grabbing, man-in-the-browser, saved account detail harvesting, screen mirroring, man-in-the-middle, DLL injection, and RDP double-hop. Rather than going into details on all of these, it is sufficient to know that without appropriate levels of security, endpoints are potentially a massive chink in the armour of any organisation.
Adopt a uniform security posture
Given that so many employees will continue to work from home, companies must address this urgent issue and reconsider their security environment not just in the office, but outside it too. The aim should be to ensure that any unmanaged device that accesses the corporate network has the same security posture as managed devices that reside within the corporate perimeter. This includes ensuring that SaaS applications are isolated or ‘containerised’ from the rest of the potentially compromised unmanaged machine or endpoint.
This is not a problem that will be solved by standard anti-virus solutions. It requires products that have been designed specifically to protect data entry on BYOD and unmanaged devices, particularly into remote access apps like Citrix, VMware, WVD, web browsers and Microsoft Office applications. Browsers that access the corporate network should be locked down, including URL whitelisting, enforced certificate checking and enforced HTTPS.
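As an added illustration of the URL whitelisting and enforced HTTPS described above (not SentryBay product code), the following sketch shows the decision a locked-down browser makes before navigating. The hostnames and the `POLICY` object are constructed placeholders; certificate checking is assumed to be handled by the browser's TLS stack and is not shown.

```javascript
// Constructed policy for illustration; hostnames are placeholders.
const POLICY = {
  allowedHosts: ["portal.corp.example", "*.apps.corp.example"],
  allowedPorts: ["", "443"], // "" is how URL reports the scheme's default port
};

// Exact match, or a "*." pattern matched on a DNS label boundary so that
// "evilapps.corp.example" does not pass for "*.apps.corp.example".
function hostAllowed(host, patterns) {
  return patterns.some((p) => {
    if (!p.startsWith("*.")) return host === p;
    const suffix = p.slice(1); // ".apps.corp.example"
    return host.endsWith(suffix) && host.length > suffix.length;
  });
}

// Returns { allow, reason } for a requested navigation.
function checkNavigation(rawUrl, policy = POLICY) {
  let url;
  try {
    url = new URL(rawUrl); // same parsing rules the browser applies
  } catch {
    return { allow: false, reason: "unparseable" };
  }
  // Enforced HTTPS: reject http:, javascript:, file: and everything else.
  if (url.protocol !== "https:") return { allow: false, reason: "not-https" };
  // "https://trusted@other-host/" puts the trusted name in userinfo, not the host.
  if (url.username || url.password) return { allow: false, reason: "userinfo" };
  if (!policy.allowedPorts.includes(url.port)) {
    return { allow: false, reason: "port" };
  }
  // URL lowercases the hostname; drop a trailing root dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  if (!hostAllowed(host, policy.allowedHosts)) {
    return { allow: false, reason: "host-not-listed" };
  }
  return { allow: true, reason: "ok" };
}
```

Matching on the parsed hostname rather than on the raw string is what stops lookalike and userinfo URLs from satisfying the allowlist.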
The deployment of these tools should not have to involve the time, cost or complexity of software or hardware that requires special configuration. Instead, a simple download and install from pre-configured software will provide a far more effective and speedy resolution to the threat. IT and security managers in financial companies can select proven anti-keylogging software that can protect every keystroke into any application and prevent screen-scraping malware from stealing credentials and sensitive corporate data. It is also important that there is access to a portal that allows simple configuration by administrators – this is after all something that needs to be managed remotely.
Of course, in the finance industry, companies often enable access to parts of their network to partners, suppliers and other stakeholders. The net for protecting endpoints should also be extended to include them, with policies put in place to ensure their endpoint devices are secured. The change in working practices necessitates greater attention to security and as part of this, regulatory compliance must be considered. It takes only one breach of GDPR for a company to be facing potentially damaging financial penalties and reputational risk. So, as we consider the ‘new normal’, now is the time to take stock of all touch points into the corporate network, and raise the security bar. In this environment, it is not just coronavirus that companies need to guard against, but those viruses that sit at the heart of our IT systems waiting to unleash their particular cyber payload.