The Smarsh 2020 Annual Risk & Compliance Survey makes it clear that work-from-home models have become deeply entrenched in the wake of the Covid-19 outbreak. Seventy percent of the respondents said their organizations had moved primarily to such a model, while 86% within that group say more than three-quarters of their workforces have done so.
Never before have banks, broker-dealers, RIAs, insurance companies and hedge funds allowed such large numbers of employees to work off-site. This sudden shift produces not only an environment ripe for fraud and nefarious behavior, but it increases the likelihood of cybersecurity or compliance risks.
As a result, many firms are now scrambling to enhance their policies and procedures for dealing with these challenges. To play catch up, they should focus on the three most common weaknesses — device security, software vulnerabilities and data privacy.
During the pandemic, firms have largely adopted a bring-your-own-device (BYOD) policy for workers. This approach undoubtedly saves money and solves many of the logistical hassles associated with getting company-purchased laptops and smartphones to everyone who needs them. But it becomes a problem when those devices are used to connect to corporate servers without being encrypted, backed up or armed with malware detection. One misstep by a single user and it's possible to give bad actors an access point to company assets.
Company-owned laptops and devices acquired specifically for in-office usage may also lack sufficient remote work controls. These include the ability for company administrators to wipe devices from afar instantly, block them from accessing servers, and track both the locations of all remote devices and the times when users access servers. All these features are necessary in case a worker decides to go rogue or a device goes missing.
The main software-related cybersecurity risks stem from storing work files on unprotected drives, connecting to corporate servers from unsecured home Wi-Fi networks, or using unapproved collaboration and messaging applications. The best way to prevent these problems is to develop explicit usage policies that address which devices and applications are approved and which are not. As an extra step, install software that automatically limits access. This way, users cannot violate cybersecurity protocols, either intentionally or unintentionally.
A remote work environment calls for cybersecurity platforms that test system vulnerabilities, detect server intrusions, remediate and update software, generate audit logs and enable administrators to implement hierarchical access rights. Operating without these tools all but invites trouble. In their absence, client data may fall into the wrong hands without financial firms learning about a breach until after it's too late. This is precisely why regulators such as the Financial Industry Regulatory Authority Inc. and the Securities and Exchange Commission are scrutinizing firms' cybersecurity posture.
The typical confidentiality-related cybersecurity risks come from workers sharing devices with their children or spouses, exposing sensitive or confidential information to guests in their homes, responding to email scams or posting confidential data on the web or social channels. Good cybersecurity platforms conduct awareness training sessions for workers about these issues. The best ones automatically create playbooks in response to violations.
Of course, some worker behaviors will go undetected. For example, there may be no way to know for sure if someone is reviewing personal information about clients while a guest walks over and looks at the screen. That's why detailed, clear and, importantly, enforced policies and procedures are essential. This is the key to establishing cybersecurity best practices that become intertwined with a firm's culture.
Financial firms that have fallen behind on cybersecurity can struggle with getting started on the road to improvement. Fortunately, solutions exist to help organizations monitor and address their cybersecurity risk posture across multiple threat vectors.
Based on Smarsh's Annual Risk & Compliance Survey, the era of remote work is here to stay. Firms that delay ramping up cybersecurity protections do so at their own risk.
Stephen Marsh is founder and chairman of Smarsh, the global technology leader in digital communications compliance. Sid Yenamandra is CEO of Entreda, the cybersecurity solutions provider for wealth management firms that is a subsidiary of Smarsh.
After a two-year period of inversion, the muni yield curve is back in a more natural position – and poised to create opportunities for long-term investors.
Meanwhile, an experienced Connecticut advisor has cut ties with Edelman Financial Engines, and Raymond James' independent division welcomes a Washington-based duo.
Osaic has now paid $17.2 million to settle claims involving former clients of Jim Walesa.
Oregon-based Eagle Wealth Management and Idaho-based West Oak Capital give Mercer 11 acquisitions in 2025, matching last year's total. “We think there's a great opportunity in the Pacific Northwest,” Mercer's Martine Lellis told InvestmentNews.
Osaic-owned CW Advisors has added more than $500 million to reach $14.5 billion in AUM, while Apella's latest deal brings more than $1 billion in new client assets.
Orion's Tom Wilson on delivering coordinated, high-touch service in a world where returns alone no longer set you apart.
Barely a decade old, registered index-linked annuities have quickly surged in popularity, thanks to their unique blend of protection and growth potential—an appealing option for investors looking to chart a steadier course through today's choppy market waters, says Myles Lambert, Brighthouse Financial.
