As working from home becomes the new normal, senior leaders of financial institutions need confidence that their company information will remain secure when employees are discussing work matters online.
A recent survey by PwC, as part of its Cyber Security Strategy 2021, found that 50% of UK organisations said cyber security would be baked into every business decision. The research, presented as an ‘urgent business priority’, highlighted how organisations will seek to improve their cyber resilience in 2021. Only 36% of the UK respondents said they were very confident that they were getting the best return on their cyber spend although 56% said they had plans to increase their cyber budgets in 2021.
When taken into consideration with a recent survey conducted by Forcepoint in partnership with WSJ Intelligence, which revealed that 71% of global CEOs said they were losing sleep over the prospect of their company’s next security breach, it comes as no surprise that effective cyber-security is high on the corporate agenda for 2021 and beyond.
So, what is the risk of a security breach when discussing sensitive and confidential financial reports, strategy and information in cyber space? How can organisations protect themselves against hackers and malicious threat actors?
Hackers listen in to conversations and can see and read data – information which can be very useful to a competitor, criminal or some other nefarious entity. If a hacker succeeds it can be hugely costly to the company which falls prey through a data breach fine, as well as being commercially damaging in terms of productivity and reputation.
Financial institutions must be acutely aware of the potential threats that hackers pose to their business and reputation, the security issues they need to consider when choosing an online video, calls, messaging and file sharing platform, as well as the practical measures they can take to protect their company and its interests.
The problem is real, and it’s one that is on the minds of those responsible for protecting not only internal company data, but also that of their complex chain of suppliers and clients. With the Forcepoint and WSJ Intelligence survey also revealing less than half (46%) regularly reviewed their cyber security strategy – coupled with more and more companies relying on video technology for remote working – the likelihood, and therefore the risk, of a security breach is significantly higher.
When it comes to technology to keep us connected, there are many different platforms available that those in the finance industry could use for remote working with some having been around for a long time, but how many of them are as secure as they need them to be? As hackers become increasingly sophisticated, it’s crucial companies check that the systems they use have moved with the times, and that they continue to review and improve the security of the technology they rely on to communicate.
Here are my top tips to consider when choosing a secure videoconferencing, calls, messaging and file-sharing platform to facilitate remote working for businesses in the finance industry:
Avoid allowing the use of ‘unofficial’ social media platforms
A simple step here is to have policies in place to insist your employees use systems approved by their employer, rather than using popular social media messaging platforms for business communications. These platforms are inherently risky and despite claims about encryption, are often compromised, providing a gateway to other data on your computer or mobile device.
Keep everything to one application
Use a supported enterprise system that meets true end-to-end Advanced Encryption Standard (AES) 256-bit encryption. This might sound costly and overly ‘techy’, but in reality is very cost effective, especially when compared to the potential reputational and financial costs of a data breach.
Ideally, choose a system where all features are integrated within one application (app), so that messaging, calling, video conferencing and file sharing stays within one eco-system. As soon as users need to go ‘outside’ the system, the risk from hackers opens up.
Keep things simple
Remember, not all your employees will be tech experts. Staff productivity will benefit from having easy to use platforms that work in a similar way to those employees are used to using every day on their computers and mobile devices. Even better, look for a system that works on their own devices without the need to install sophisticated new software.
Invest in training
It is vital that companies working in the financial sphere implement cyber-security training for all its staff to make them aware of the risks and gain their buy-in for its online security policies. Consider extending this training to all companies and individuals in the supply chain, including contractors and clients. These interdependent supply chains can be undermined through ransomware attacks and service disruptions. Your company may have state of the art cyber-security, but if your interdependent supply chain doesn’t, then you have a weak link.
Consider the costs
Think about the cost in terms of productivity, reputational damage and even potential fines rising from data protection breaches. Do your homework before choosing a platform; where will your communication be routed? Where are the servers based? Are they trusted and do they directly support your business needs? Some systems offer features that are better suited for social use, but the development costs are often recovered through charging business users.
Aim for a system that is designed for your business needs and don’t pay for features you don’t need. Security standards can never be too high, and the system needs to have high fidelity in terms of video and audio quality. Go for a system that can be used via mobile devices and the web without having to be installed onto computers or local servers.
John Parkinson OBE is a former UK Police Chief and Senior National Counter Terrorism Coordinator. With broad experience as an international security consultant he is now president of US tech company Secured Communications, which recently launched its Mercury secure video conferencing, audio calling, messaging and file transfer platform in the UK.
