What Financial Firms Need To Know About Employees Working Remotely
Whether you are a Principle or Partner, it should come as no surprise that the financial sector is the single most targeted industry when it comes to cyber attacks.
As mentioned in the Global Banking & Finance Review, “As data breaches are now an almost daily occurrence with both large enterprises and SMEs making headlines for compromises to intellectual property, the security of remote workers should be a high priority for any organisation. According to recent research from Apricorn, 48% of surveyed companies said employees are their biggest security risk, and one in ten companies with over 3,000 employees do not have a security strategy.”
The SEC Brings Its First Enforcement Action under the Identity Theft Red Flags Rule
On September 26, 2018, the Securities and Exchange Commission (SEC) settled claims that Voya Financial Advisors, Inc. (VFA) failed to adequately protect customer information following a six-day cyber attack in 2016. The SEC’s order not only cites violations of the Safeguards Rule under Regulation S-P (a staple of SEC cyber security enforcement actions against broker-dealers and investment advisers), but also is the SEC’s first enforcement action for a violation of the Identity Theft Red Flags Rule under Regulation S-ID, which requires certain SEC registrants to create and implement programs to detect, prevent and mitigate identity theft. Click here for more details.
Financial institutions face 300% more cyber attacks that any other sector. The threat has gotten so far out of hand that numerous government agencies fear these cyber criminals are the biggest threat to bank stability. According to SEC Chair Mary Jo White, cyber attacks are such a grave concern that it overtakes terrorism in the Division of Intelligence’s list of global threats. There is one practice in particular that puts financial institutions at risk of a hack: Working Remote. 
In the JP Morgan breach of 2014, 83 million customer records were compromised. That is 83 Million records stolen in just ONE breach. This incident is “the largest theft of customer data” and it all started with one employee working from home.
This attack on JP Morgan should have taught us a number of things according to Claus Rosendal of SC Magazine. First, it should serve as a warning to the power and reach these malware attacks have. Second, it calls attention to what we have been saying for months; “your employees are your weakest link.” And third, this proves how easy it is for these attacks to stay under the radar. In the case of JP Morgan, the attack was underway for over a month before they figured out what was going on.
Of the attacks that occur because of unsafe remote connections, 75% stem from having weak passwords. Having an in-depth comprehensive password policy is a must for all companies; especially firms in the financial sector. Another way to defend against these attacks is multi-factor authentication (MFA). MFA is a strategy that adds an extra layer of security by requiring a code (normally retrieved from your cell phone) to be entered along with your password for access. A strong password policy and MFA are vital but they are only part of the solution. You will need to be prepared with backups, shadow copies, and off-site disaster recovery, as well.
We have put together a Financial Services Cyber Security Audit Checklist to make sure you are as cyber secure as you can be. Download it below.
Fairdinkum is your Financial Services Information Technology Service Provider and we will employ a number of measures to ensure that your data is safe with us. Each of our clients receives premium levels of service and support from our experienced and professional team of engineers.
You may want to read 5 Things Financial Firms Need To Know About Cyber Security.