How Retail Banks Can Return Equipment Safely to the Office

If your retail bank is considering its return-to-work strategy, it’s not just infected staff you should be wary of. The laptops and smartphones your users return with may be riddled with nasties picked up in the wild. By following cyber security best practices, you can return equipment safely to the office whilst remaining FCA compliant.

Retail banks, like many organisations, undertook a mass migration to home working in March 2020 in response to the then-deepening coronavirus crisis. With Fleet Street deserted and Microsoft Teams meetings becoming the norm, many bankers have become used to the perks of a remote working lifestyle. However, we haven’t seen the last of Canary Wharf and the City just yet – with the UK Government keen to get Brits safely back to work, retail banks are taking their first steps towards reintroducing their people to the office environment.

The great return to the office will be a complex undertaking, with antibody testing, temperature monitoring and social distancing all set to become fixtures of the new office reality. Many retail banks are understandably hesitant to return all of their users to the office, instead adopting a hybrid working model in which employees split their time between their homes and the office. This potentially complex operating arrangement may be seen as an opportunity by the increasing number of cybercriminals targeting the UK financial services industry. And with the FCA taking a hard line with retail banks that suffer data breaches resulting from cyber-attacks, it’s never been more important to maintain cyber security best practices at all times.

For those users that must return to the office, retail banks’ considerations should go beyond physical and mental health – the equipment they’ll carry with them, much of which has been out in the wild hosting children’s YouTube sessions and Friday night Zoom calls, presents a very real cyber security risk. In this blog we will provide best practice cyber security advice on how to bring your users and equipment back from the wild in a manner that minimises risk and maximises productivity.

Step One: Review User Accounts

As your users begin their migration back to the office, you should review their user accounts. Healthy user account admin is essential to your retail bank, not only for productivity – giving users access to the tools they need, when they need them – but also for cyber security and data protection. Remember, former staff and disgruntled current employees have the potential to wreak havoc if they have access to systems and data they shouldn’t. There are four key areas you should address when reviewing your user accounts:

  • Suspended accounts. Review your suspended accounts, and decide on whether or not you still require them. If furloughed users’ accounts have been suspended, establish when they will be returning. Plan for each user’s return – there’s nothing worse than getting back to the office only to find your login has been suspended and you are unable to start your working day!
  • Elevated privileges. With a distributed user base and fewer members of IT staff to service support requests, some of your users may have been given elevated privileges so they can remain productive. Remember that malware detonates in the context of the user – if any of your users have elevated access such as local admin rights to install software, the risk and potential impact of a data breach increases. Review elevated privileges, and remove them if they are no longer necessary.
  • Account aging. Some of your users may not have logged in to their accounts for several months. Account aging suspends inactive accounts, rendering them unusable. Make sure to review aged accounts before your users return to the office.
  • Atypical login activity. As your IT staff begin to return to work, they may want to review logs for atypical login activity. Examples of atypical login activity include users logging in from other countries, multiple logins from different locations, or logins from unexpected devices. If you have a Microsoft Azure tenancy, Azure Active Directory Identity Protection enables you to identify high-risk users and secure their access as appropriate.
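
The three atypical login patterns listed above can be checked against exported sign-in records. The following is an added example, not part of the original article: the record layout, the expected-country and issued-device baselines, and the two-hour window are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (user, UTC time, country, device id).
SIGN_INS = [
    ("asmith", "2020-06-01T08:02:00", "GB", "LT-0141"),
    ("asmith", "2020-06-01T08:40:00", "GB", "LT-0141"),
    ("bjones", "2020-06-01T09:00:00", "GB", "LT-0207"),
    ("bjones", "2020-06-01T09:25:00", "RO", "LT-0207"),
    ("cpatel", "2020-06-02T07:55:00", "GB", "UNKNOWN-PC"),
]
# Assumed baselines: countries staff are expected in, and each user's issued devices.
EXPECTED_COUNTRIES = {"GB"}
ISSUED_DEVICES = {"asmith": {"LT-0141"}, "bjones": {"LT-0207"}, "cpatel": {"LT-0315"}}
WINDOW = timedelta(hours=2)  # assumed: two countries inside this window is implausible


def find_atypical(sign_ins, expected=EXPECTED_COUNTRIES, devices=ISSUED_DEVICES, window=WINDOW):
    """Return {user: sorted list of reasons} for sign-ins matching the three patterns."""
    findings = defaultdict(set)
    history = defaultdict(list)  # user -> [(time, country)] seen so far
    for user, stamp, country, device in sorted(sign_ins, key=lambda r: r[1]):
        when = datetime.fromisoformat(stamp)
        # Pattern 1: login from another country.
        if country not in expected:
            findings[user].add(f"login from unexpected country {country}")
        # Pattern 3: login from a device that was never issued to this user.
        if device not in devices.get(user, set()):
            findings[user].add(f"login from unexpected device {device}")
        # Pattern 2: logins from different locations close together in time.
        for prev_when, prev_country in history[user]:
            if prev_country != country and when - prev_when <= window:
                findings[user].add(f"logins from {prev_country} and {country} within {window}")
        history[user].append((when, country))
    return {user: sorted(reasons) for user, reasons in findings.items()}


if __name__ == "__main__":
    for user, reasons in find_atypical(SIGN_INS).items():
        print(user, "->", "; ".join(reasons))
```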

Step Two: Car Wash and Compliance

It is much harder to control how your people use their devices when they are working remotely. If your users and their devices have been away from the office for some time, it’s worth considering what they have been using their laptops and equipment for. Non-work uses such as teaching children and streaming movies may be innocent enough, but they can introduce security vulnerabilities that become damaging when the equipment is reintroduced to the corporate environment. When returning user equipment to the office, remember to always keep it clean:

  • Patching reviews. It goes without saying, but you should always stay up to date with the latest patches. To achieve this, review your patching policy to ensure it is fit for purpose. You should also look for devices that haven’t been connected for some time – including those in your office. If they haven’t connected to the VPN for some time, they may have outdated patching levels. These should be addressed as a priority, as unpatched equipment is a major cause of data breaches.
  • Car wash and compliance standards. You should review each device before it is allowed back into the office. Establish a segmented section of your network where you can operate a ‘car wash’ scan on all devices, updating them where necessary before they reconnect to the corporate network. You should also establish your minimum compliance standards to expedite the process. At a minimum we suggest all devices should have critical security patches for operating systems and applications, and an antivirus signature that is less than a week old.
  • Device software audit. What software applications have been downloaded to a device whilst it’s been out in the wild, especially by users who have been given extended user privileges such as local admin rights? Don’t just check user privileges – audit software and remove all unwanted, potentially vulnerable software from your users’ devices.
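
The minimum compliance standard and software audit described above can be expressed as a single gate that decides whether a device leaves the ‘car wash’ segment. This is an added example, not part of the original article: the scan-result layout, the approved-software list and the device names are hypothetical, and the sample data is constructed.

```python
from datetime import datetime, timedelta

MAX_SIGNATURE_AGE = timedelta(days=7)  # the article's minimum: signature less than a week old
# Hypothetical allowlist of approved software; a real one comes from your own build standard.
APPROVED_SOFTWARE = {"Microsoft Office", "Microsoft Teams", "VPN Client", "Antivirus Agent"}

# Constructed scan results, as a 'car wash' scanner might report them.
DEVICES = [
    {"host": "LT-0141", "missing_critical": [], "av_signature": "2020-06-14T03:00:00",
     "software": ["Microsoft Office", "Microsoft Teams", "VPN Client", "Antivirus Agent"]},
    {"host": "LT-0207", "missing_critical": ["OS cumulative update", "PDF reader update"],
     "av_signature": "2020-05-20T03:00:00",
     "software": ["Microsoft Office", "VPN Client", "Antivirus Agent", "Torrent Client"]},
]


def car_wash(device, now, approved=APPROVED_SOFTWARE, max_age=MAX_SIGNATURE_AGE):
    """Return (decision, reasons); any failed check keeps the device in the segment."""
    reasons = []
    # Critical security patches for the operating system and applications.
    for patch in device["missing_critical"]:
        reasons.append(f"missing critical patch: {patch}")
    # Antivirus signature must be present and less than a week old.
    signature = device.get("av_signature")
    if signature is None:
        reasons.append("no antivirus signature reported")
    else:
        age = now - datetime.fromisoformat(signature)
        if age >= max_age:
            reasons.append(f"antivirus signature is {age.days} days old")
    # Software audit: anything outside the approved list is flagged for removal.
    for name in sorted(set(device["software"]) - approved):
        reasons.append(f"unapproved software: {name}")
    return ("admit" if not reasons else "hold in car wash", reasons)


if __name__ == "__main__":
    scan_time = datetime(2020, 6, 15, 9, 0, 0)  # constructed scan time
    for dev in DEVICES:
        decision, why = car_wash(dev, scan_time)
        print(dev["host"], decision, why)
```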

Retail Banks in the New Normal

This is a challenging time for all businesses. Retail banks face a unique set of considerations as they return to the ‘new normal’, given the complexity of their operations, the large quantities of money and highly confidential data they manage, and the stringent FCA compliance requirements they must abide by. By reviewing user accounts and carrying out a ‘car wash’ on returning user equipment in alignment with defined compliance standards, you will take important steps towards reducing cyber security risks as your users return with their laptops and smartphones to the office.

We recently published a Cyber Intelligence Report that provides tactical details of the current threat level to the UK financial services industry. The report provides examples of particular campaigns or themes known to Six Degrees and the broader cyber security industry as of June 2020, along with recommended remediation steps.