The Smarsh 2020 Annual Risk & Compliance Survey makes it clear that work-from-home models have become deeply entrenched in the wake of the Covid-19 outbreak. Seventy percent of the respondents said their organizations had moved primarily to such a model, while 86% within that group say more than three-quarters of their workforces have done so.
Never before have banks, broker-dealers, RIAs, insurance companies and hedge funds allowed such large numbers of employees to work off-site. This sudden shift produces not only an environment ripe for fraud and nefarious behavior, but it increases the likelihood of cybersecurity or compliance risks.
As a result, many firms are now scrambling to enhance their policies and procedures for dealing with these challenges. To play catch up, they should focus on the three most common weaknesses — device security, software vulnerabilities and data privacy.
During the pandemic, firms have largely adopted a bring-your-own-device (BYOD) policy for workers. This approach undoubtedly saves money and solves many of the logistical hassles associated with getting company-purchased laptops and smartphones to everyone who needs them. But it becomes a problem when those devices are used to connect to corporate servers without being encrypted, backed up or armed with malware detection. One misstep by a single user and it's possible to give bad actors an access point to company assets.
Company-owned laptops and devices acquired specifically for in-office usage may also lack sufficient remote work controls. These include the ability for company administrators to wipe devices from afar instantly, block them from accessing servers, and track both the locations of all remote devices and the times when users access servers. All these features are necessary in case a worker decides to go rogue or a device goes missing.
The main software-related cybersecurity risks stem from storing work files on unprotected drives, connecting to corporate servers from unsecured home Wi-Fi networks, or using unapproved collaboration and messaging applications. The best way to prevent these problems is to develop explicit usage policies that address which devices and applications are approved and which are not. As an extra step, install software that automatically limits access. This way, users cannot violate cybersecurity protocols, either intentionally or unintentionally.
A remote work environment calls for cybersecurity platforms that test system vulnerabilities, detect server intrusions, remediate and update software, generate audit logs and enable administrators to implement hierarchical access rights. Operating without these tools all but invites trouble. In their absence, client data may fall into the wrong hands without financial firms learning about a breach until after it's too late. This is precisely why regulators such as the Financial Industry Regulatory Authority Inc. and the Securities and Exchange Commission are scrutinizing firms' cybersecurity posture.
The typical confidentiality-related cybersecurity risks come from workers sharing devices with their children or spouses, exposing sensitive or confidential information to guests in their homes, responding to email scams or posting confidential data on the web or social channels. Good cybersecurity platforms conduct awareness training sessions for workers about these issues. The best ones automatically create playbooks in response to violations.
Of course, some worker behaviors will go undetected. For example, there may be no way to know for sure if someone is reviewing personal information about clients while a guest walks over and looks at the screen. That's why detailed, clear and, importantly, enforced policies and procedures are essential. This is the key to establishing cybersecurity best practices that become intertwined with a firm's culture.
Financial firms that have fallen behind on cybersecurity can struggle with getting started on the road to improvement. Fortunately, solutions exist to help organizations monitor and address their cybersecurity risk posture across multiple threat vectors.
Based on Smarsh's Annual Risk & Compliance Survey, the era of remote work is here to stay. Firms that delay ramping up cybersecurity protections do so at their own risk.
Stephen Marsh is founder and chairman of Smarsh, the global technology leader in digital communications compliance. Sid Yenamandra is CEO of Entreda, the cybersecurity solutions provider for wealth management firms that is a subsidiary of Smarsh.
Driven by robust transaction activity amid market turbulence and increased focus on billion-dollar plus targets, Echelon Partners expects another all-time high in 2025.
The looming threat of federal funding cuts to state and local governments has lawmakers weighing a levy that was phased out in 1981.
The fintech firms' new tools and integrations address pain points in overseeing investment lineups, account monitoring, and more.
Canadian stocks are on a roll in 2025 as the country prepares to name a new Prime Minister.
Carson is expanding one of its relationships in Florida while Lido Advisors adds an $870 million practice in Silicon Valley.
RIAs face rising regulatory pressure in 2025. Forward-looking firms are responding with embedded technology, not more paperwork.
As inheritances are set to reshape client portfolios and next-gen heirs demand digital-first experiences, firms are retooling their wealth tech stacks and succession models in real time.
