How Retail Banks Can Return Equipment Safely to the Office

Step One: Review User Accounts

As your users begin their migration back to the office, you should review their user accounts. Healthy user account admin is essential to your retail bank, not only for productivity – giving users access to the tools they need, when they need them – but also for cyber security and data protection. Remember, former staff and disgruntled current employees have the potential to wreak havoc if they have access to systems and data they shouldn’t. There are four key areas you should address when reviewing your user accounts:

• Suspended accounts. Review your suspended accounts, and decide on whether or not you still require them. If furloughed users’ accounts have been suspended, establish when they will be returning. Plan for each user’s return – there’s nothing worse than getting back to the office only to find your login has been suspended and you are unable to start your working day!
• Elevated privileges. With a distributed user base and fewer members of IT staff to service support requests, some of your users may have been given elevated privileges so they can remain productive. Remember that malware detonates in the context of the user – if any of your users have elevated access such as local admin rights to install software, the risk and potential impact of a data breach increases. Review elevated privileges, and remove them if they are no longer necessary.
• Account aging. Some of your users may not have logged in to their accounts for several months. Account aging suspends inactive accounts, rendering them unusable. Make sure to review before your users return to the office.
• Atypical login activity. As your IT staff begin to return to work, they may want to review logs for atypical login activity. Examples of atypical login activity include users logging in from other countries, multiple logins from different locations, or logins from unexpected devices. If you have a Microsoft Azure tenancy, Azure Active Directory Identity Protection enables you to identify high risk users and secure their access as appropriate.

Step Two: Car Wash and Compliance

It is much harder to control how your people use their devices when they are working remotely. If your users and their devices have been away from the office for some time, it’s worth considering what they have been using their laptops and equipment for. Non-work uses such as teaching children and streaming movies may be innocent enough, but they can introduce security vulnerabilities that become damaging when the equipment is reintroduced to the corporate environment. When returning user equipment to the office, remember to always keep it clean:

• Patching reviews. It goes without saying, but you should always stay up-to-date with the latest patching versions. In order to achieve this, review your patching policy to ensure it is fit for purpose. You should also look for devices that haven’t been connected for some time – including those in your office. If they haven’t connected to the VPN for some time, they may have outdated patching levels. These should be addressed as a priority, as unpatched equipment is a major cause of data breaches.
• Car wash and compliance standards. You should review each device before it is allowed back into the office. Establish a segmented section of your network where you can operate a ‘car wash’ scan on all devices, updating them where necessary before they reconnect to the corporate network. You should also establish your minimum compliance standards to expedite the process. At a minimum we suggest all devices should have critical security patches for operating systems and applications, and an antivirus signature that is less than a week old.
• Device software audit. What software applications have been downloaded to a device whilst it’s been out in the wild, especially by users who have been given extended user privileges such as local admin rights? Don’t just check user privileges – audit software and remove all unwanted, potentially vulnerable software from your user’s devices.

Retail Banks in the New Normal

This is a challenging time for all businesses. Retail banks face a unique set of considerations as they return to the ‘new normal’, given the complexity of their operations, the large quantities of money and highly confidential data they manage, and the stringent FCA compliance requirements they must abide by. By reviewing user accounts and carrying out a ‘car wash’ on returning user equipment in alignment with defined compliance standards, you will take important steps towards reducing cyber security risks as your users return with their laptops and smartphones to the office.

We recently published a Cyber Intelligence Report that provides tactical details of the current threat level to the UK financial services industry. The report provides examples of particular campaigns or themes known to Six Degrees and the broader cyber security industry as of June 2020, along with recommended remediation steps.