Author: Shannon Simpson, Cyber Security and Compliance Director at Six Degrees
Financial services firms have become enthusiastic adopters of the latest disruptive technical innovations. Where once there was hesitancy and a low risk appetite, boardrooms throughout the city and beyond are recognising the incremental benefits that transformative technology can bring. In such a competitive market, the effective use of technology truly can make all the difference.
When we talk about transformative technology, remote working may not be the first thing that comes to mind, after all, remote access to data and applications has been around for some time now – what’s so special about that? The truth is that remote working technology has moved on in leaps and bounds over the past few years and its capacity to enhance productivity and collaboration across multiple device types is greater than ever before. In a competitive recruitment market where the best talent has been conditioned to expect streamlined technology from day one at a new firm, to merely stick with what has always worked for your firm is to risk being left behind.
The likes of Avaya, Citrix and VMware are continually evolving their remote working offerings, and it is incumbent upon financial services firms to stay abreast of the latest developments. However, in addition to considering the potential enhancements in productivity that remote working can bring,your firm also needs to assess its remote working security in line with the latest innovations.
The contemporary cybersecurity landscape is a complex one. Security threats come in many forms, from the malicious to the innocent and unintended. And with today’s stringent regulations threatening huge penalties for data breaches, now is the time to take remote working security seriously.
In order to remain competitive, today’s financial services firms need to provide their users with access to data and applications wherever they are. Here are six remote working security tips to enhance productivity whilst minimising business risk.
Top Six Remote Working Security Tips
Your physical and system security may be robust and well-established at your headquarters, but the same can’t always be said for a taxi, a local coffee shop, or the CEO’s home office.This advice aims to help you to implement security best practices for all users who access your systems, no matter where they work or what device they use:
- Ensure your users keep their equipment safe.Laptop, smartphone and tablet devices are all targets for criminals. If your users are working in public spaces, make sure that they never leave their equipment unattended. And they should be wary of shoulder surfers, who may be looking at confidential information that is displayed on their screens.
- Enforce a strong password policy.Your users will need strong passwords to ensure that – if the worst happens and their equipment is stolen – criminals won’t be able to login to their profiles. Introduce a strong password policy that requires passwords to be at least 12 characters long, and use a password manager to help secure your passwords as per the guidance issued by the National Cyber Security Centre.
- Be wary of public Wi-Fi. Unsecured public Wi-Fi services – such as those offered by coffee shops and transport providers – can present a security risk, as data transmitted through public Wi-Fi can be intercepted. Your users should consider using their mobile phone networks rather than public Wi-Fi services.
- Use secure remote access methods. A VPN tunnel from your users’ laptops to your email, file and application servers can create a backdoor for hackers to gain access to your infrastructure. Consider using a secure remote access method like Microsoft RD Web or Citrix XenApp, both of which are inherently more secure than standard VPN tunnels and also offer greater management and functionality.
- Implement antivirus, email security and web security. Your servers and office desktops are protected by endpoint antivirus, email security and web security. What about your laptops and other devices outside the office environment? Whether your users are in the office or working remotely, they should work to maintain the same high security standards at all times.
- Establish formal written security policies and procedures. Don’t wait for the worst to happen – review your corporate incident management plans and ensure they include mobile devices and activity. You should also understand your data classification and handling procedures. Outline what constitutes sensitive data and the type of information that can leave the office. Ask users to minimise the information they store. Then outline the vulnerabilities of public Wi-Fi and help users to identify legitimate Wi-Fi connections.
Remote Working Security Training
Training users in remote working security best practices is essential to protecting your business. Security aware users are your first line of defence against data breach or cyber-attack, and today’s hedge funds need to promote a strong security culture throughout their staff. By instilling a sound remote working security posture, and training users on how to work securely at all times, it is possible to enhance productivity whilst minimising risk.