Failure to overhaul cybersecurity for remote work creates regulatory risks

Failure to overhaul cybersecurity for remote work creates regulatory risks
Firms scrambling to enhance their policies and procedures should focus on the three most common weaknesses — device security, software vulnerabilities and data privacy.
MAR 25, 2021

The Smarsh 2020 Annual Risk & Compliance Survey makes it clear that work-from-home models have become deeply entrenched in the wake of the Covid-19 outbreak. Seventy percent of the respondents said their organizations had moved primarily to such a model, while 86% within that group say more than three-quarters of their workforces have done so. 

Never before have banks, broker-dealers, RIAs, insurance companies and hedge funds allowed such large numbers of employees to work off-site. This sudden shift produces not only an environment ripe for fraud and nefarious behavior, but it increases the likelihood of cybersecurity or compliance risks.

As a result, many firms are now scrambling to enhance their policies and procedures for dealing with these challenges. To play catch up, they should focus on the three most common weaknesses — device security, software vulnerabilities and data privacy. 

DEVICE SECURITY

During the pandemic, firms have largely adopted a bring-your-own-device (BYOD) policy for workers. This approach undoubtedly saves money and solves many of the logistical hassles associated with getting company-purchased laptops and smartphones to everyone who needs them. But it becomes a problem when those devices are used to connect to corporate servers without being encrypted, backed up or armed with malware detection. One misstep by a single user and it's possible to give bad actors an access point to company assets.

Company-owned laptops and devices acquired specifically for in-office usage may also lack sufficient remote work controls. These include the ability for company administrators to wipe devices from afar instantly, block them from accessing servers, and track both the locations of all remote devices and the times when users access servers. All these features are necessary in case a worker decides to go rogue or a device goes missing.

SOFTWARE VULNERABILITIES

The main software-related cybersecurity risks stem from storing work files on unprotected drives, connecting to corporate servers from unsecured home Wi-Fi networks, or using unapproved collaboration and messaging applications. The best way to prevent these problems is to develop explicit usage policies that address which devices and applications are approved and which are not. As an extra step, install software that automatically limits access. This way, users cannot violate cybersecurity protocols, either intentionally or unintentionally.

A remote work environment calls for cybersecurity platforms that test system vulnerabilities, detect server intrusions, remediate and update software, generate audit logs and enable administrators to implement hierarchical access rights. Operating without these tools all but invites trouble. In their absence, client data may fall into the wrong hands without financial firms learning about a breach until after it's too late. This is precisely why regulators such as the Financial Industry Regulatory Authority Inc. and the Securities and Exchange Commission are scrutinizing firms' cybersecurity posture. 

DATA PRIVACY

The typical confidentiality-related cybersecurity risks come from workers sharing devices with their children or spouses, exposing sensitive or confidential information to guests in their homes, responding to email scams or posting confidential data on the web or social channels. Good cybersecurity platforms conduct awareness training sessions for workers about these issues. The best ones automatically create playbooks in response to violations. 

Of course, some worker behaviors will go undetected. For example, there may be no way to know for sure if someone is reviewing personal information about clients while a guest walks over and looks at the screen. That's why detailed, clear and, importantly, enforced policies and procedures are essential. This is the key to establishing cybersecurity best practices that become intertwined with a firm's culture.

GETTING STARTED

Financial firms that have fallen behind on cybersecurity can struggle with getting started on the road to improvement. Fortunately, solutions exist to help organizations monitor and address their cybersecurity risk posture across multiple threat vectors.

Based on Smarsh's Annual Risk & Compliance Survey, the era of remote work is here to stay. Firms that delay ramping up cybersecurity protections do so at their own risk.

Stephen Marsh is founder and chairman of Smarsh, the global technology leader in digital communications compliance. Sid Yenamandra is CEO of Entreda, the cybersecurity solutions provider for wealth management firms that is a subsidiary of Smarsh.

SolarWinds cyber hack should raise adviser scrutiny of tech vendors

Latest News

Advisor moves: RBC swipes $1.7B UBS team, Baird duo departs for LPL's Linsco channel
Advisor moves: RBC swipes $1.7B UBS team, Baird duo departs for LPL's Linsco channel

RBC Wealth Management's latest move in New York adds an elite eight-member team to its recently opened Westchester office.

Stifel star broker, Chuck Roberts, leaves firm under cloud of investor complaints
Stifel star broker, Chuck Roberts, leaves firm under cloud of investor complaints

Stifel – so far - is on the hook for more than $166 million in damages, legal fees and settlements in investor complaints involving Roberts, a 35-year industry veteran.

iCapital secures $820M in latest funding, hits $7.5B
iCapital secures $820M in latest funding, hits $7.5B

The giant alt investments platform's latest financing led by T. Rowe Price and SurgoCap Partners, along with State Street, UBS, and BNY, will fuel additional growth on multiple fronts.

Merrill Lynch on the hook for $3.7M after clients claimed sale of unsuitable private equity
Merrill Lynch on the hook for $3.7M after clients claimed sale of unsuitable private equity

Some investors recently have seen million dollar plus decisions by FINRA arbitration panels involving complex products decisions go their way.

What does it take to feel 'financially comfortable' or 'wealthy' in 2025?
What does it take to feel 'financially comfortable' or 'wealthy' in 2025?

New report shines a light on how Americans view wealth today.

SPONSORED How advisors can build for high-net-worth complexity

Orion's Tom Wilson on delivering coordinated, high-touch service in a world where returns alone no longer set you apart.

SPONSORED RILAs bring stability, growth during volatile markets

Barely a decade old, registered index-linked annuities have quickly surged in popularity, thanks to their unique blend of protection and growth potential—an appealing option for investors looking to chart a steadier course through today's choppy market waters, says Myles Lambert, Brighthouse Financial.