But while this offers opportunities for businesses to reduce overheads such as expensive rental rates in key financial hubs like the City, it also presents new challenges. In particular, remote employees working without direct contact with colleagues and managers could be more susceptible to a range of cyber security threats.
This is partly because the sensitive data they hold makes them a tempting target for hackers. For instance, research from Varonis shows the average financial services employee has access to nearly 11 million files, while two-thirds of companies have more than 1,000 sensitive files open to every employee.
What’s more, many firms in this sector have no great history of supporting home working, so may well be starting from scratch and with limited training – which can result in gaps in their defences.
For instance, one senior computer network manager for a global financial services company recently told BBC News his firm is seeing multiple hacking attacks every week, utilising a range of different techniques, with email and instant messaging attacks commonplace.
He said: “We see workers being tricked into downloading viruses from hackers demanding ransoms, and we have even had employees sent WhatsApp messages pretending to be from the CEO, asking for money transfers. Having staff working from home during the lockdowns has just made it worse, as it is much harder to keep an eye on everyone.”
Upgrading your email defences
It’s therefore essential that financial services firms take steps to protect their remote workers from these steps. And the best place to start is by toughening up email defences. The vast majority of attacks originate on this platform and, with more communications set to rely on these channels in an era of home working, they present new opportunities for hackers.
Traditional email antimalware tools may miss some of the more advanced attacks, so it’s a good idea to invest in solutions with technologies such as artificial intelligence and machine learning. Unlike legacy gateway tools, which scan messages as they arrive, these sit in a user’s inbox and so can build up a better picture of what normal mail activity looks like.
Then, if anything unusual is spotted – such as a senior executive emailing an employee they don’t have regular contact with, or a colleague using phrases that are out of character, the message can be flagged. This system should also then be able to search proactively for similar emails in other inboxes throughout the business.
However, it’s important not to focus too strongly on this at the expense of other areas. For example, if contact centre staff or financial advisors are embracing tools like video chats to connect with customers, it’s essential they’re also able to use secure tools to remain in line with regulations and protect private conversations.
With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.