Plan for COVID-20, 21, 22...
Dr. Anthony Fauci, head of the National Institute of Allergy and Infectious Diseases, stated about COVID-19, “I know we’ll be successful in putting this down now, but we really need to be prepared for another cycle.” Fauci cautioned that Americans need to be prepared for the possibility that COVID-19 could become a seasonal disease.
Consider needs your institution will have for future cycles of this virus.
There are Other Virus Threats
The COVID-19 virus is the one we’ve been hearing about. Its health and economic impacts will be felt for months (possibly years) to come.
Less talked about is the computer virus threat and other malware threats that are occurring under cover of the COVID-19 virus. Cyber attackers are opportunistic and are using this as an opportunity to steal, disrupt and create mayhem.
Attackers have been sending out emails that appear to be about the coronavirus. However, they actually contain infected email attachments or link to malicious sites. Websites resembling legitimate sites for the World Health Organization (WHO) and the Johns Hopkins coronavirus map website have been used to steal usernames, passwords, credit card numbers and other data from visiting user machines.
Want to know ways you can identify and avoid falling victim to virus-related attacks? Read BankOnIT’s guide here.
Supply Chain Disruptions Limit Options
While every institution has business continuity plans, those plans likely did not take into account the immediate worldwide demand for laptops and network hardware needed to configure remote work capabilities. They also did not take into consideration supply chain interruptions that occurred from shutting down equipment production factories in Asia, where the virus first was detected.
Institutions that delayed acting on this demand found themselves unable to acquire laptops and other equipment needed to set up remote workers. Some institutions have moved employees’ entire workstation setups from their offices to their homes, while other institutions have allowed use of employee home computers in order to overcome supply chain disruptions.
Risk Increases with More Employees Working Remotely
As more employees work remotely there is an increased risk of a cybersecurity incident. Who physically accesses the machine, limits on which websites can be visited, and physical inventory tracking of bank assets all pose challenges when working remotely.
More concerning is allowing employees to use their own home computers to access bank networks. Firewalls, spam filters and anti-virus on those personal devices and the personal email and public file-sharing accounts the employee may access from home should not be decided by each employee.
Has Your IT Staff Been Able to Keep Up?
Prior to COVID-19, the economy was at full employment and there were not enough qualified technical staff to fill available positions. As a result, many bank IT departments were already at capacity. COVID-19 substantially increased demand on IT staff for remote connectivity and phones used for in-bound calls to a laptop at off-site locations. Additionally, a dramatic increase in user support requests for help with remote connectivity, asking for added capabilities such as printers at home and more all create a perfect storm for IT staffs.
As a director, what are your thoughts? Has your IT staff kept up with the increased demands to support the needs of your institution? How do you plan to increase IT staffing to support remote work capabilities?
Staying Secure in a Changing Working Environment
Financial institutions are critical infrastructure, and employees of FIs are essential and exempted from government-ordered shutdowns. However, to limit the spread of COVID-19, banks and credit unions alike have closed lobbies and entire branches and have more employees working from home than ever before.
How do you manage a secure work environment with a high level of your employee workforce working remotely? The Cybersecurity and Critical Infrastructure Agency (CISA) has issued guidance relating to employee remote work and defending against COVID-19 cyber scams. CISA encourages institutions to maintain a heightened sense of cybersecurity.
A few of their VPN security tips include ensuring VPNs and devices have the latest software patches and configurations, and that current anti-virus software is installed and up to date.
One very effective tool that has proven to reduce an attacker gaining control of a workstation is use of Multi-Factor Authentication (MFA) software. MFA uses a second device, such as the employee’s smartphone, to which a request is sent for authorization. An app on the smartphone prompts the employee to accept or deny the connection being made on the workstation they are trying to log into.
Read the CISA release here.
Keep Top-of-Mind Awareness
With more distance between coworkers, cyber bad actors hope remote work will weaken basic cybersecurity alertness, such as being cautious with suspicious messages.
An email request cost Shark Tank investor Barbara Corcoran almost $400,000. Someone who appeared to be Corcoran’s assistant emailed the company bookkeeper approval of an invoice. It was a phishing attack, with a fake email account imitating the assistant’s email address off by only one letter. This happened pre-COVID-19; remote work increases risks such as these. These same types of attacks have previously been used against banks and their customers to commit wire transfer fraud.
These types of attacks are increasing in the current environment.
Some Cyber Attacks are Still Physical
Cyber criminals are also pairing virtual and physical attack strategies.
At least one entity is mass-mailing malware or ransomware-infected “free” USB drives to employees at various businesses. Financial institutions are among the targeted entities.
Do you know what your bank’s policy is for mass storage devices? Best practice encourages financial institutions to block these ports, restricting access to USB drives. Remind employees to not use and instead discard free USB drives, including ones mailed to them.
Want to know more? Ask us for BankOnIT’s Regulatory Update on the OCC Semiannual Risk Publication.
Cloud Drives Efficiency
Using technology investments effectively is the No. 1 way companies are going to control costs in a down economy. A recent Wall Street Journal article gave insight as to how remote-work capabilities are likely to become permanent fixtures for companies seeking to gain efficiencies when money gets tight and daily operations need to be more flexible. Use of cloud computing is more efficient and provides greater flexibility, more capabilities and is easily scalable.
Regulators have also commented about how outsourcing and use of such technologies can give banks more capabilities and improve efficiency.
Could your institution benefit? Ask us for more information about how a cloud computing solution designed specifically for financial institutions helps increase efficiency.
The Final Word
Recent studies have shown that employees are more efficient, likely to work longer hours and are happier when working from home. Video conferencing tools have been shown to improve efficiency; there is less time wasted physically going between meetings. Could your institution benefit from having more employees work remotely after the current crisis ends? Increased resilience for business continuity, reduced need for physical office space and less water cooler talk.
*If you’d like to receive the Information Technology for Directors publication directly in your email inbox, please email us at Guidance@BankOnITUSA.com.