Toe examine all this is Ben Fielding from , a cybersecurity job site in the UK. The editors here are pleased to share these insights; the usual editorial disclaimers apply. To comment, email tom.burroughes@wealthbriefing.com or jackie.bennion@clearviewpublishing.com

The outbreak of COVID-19 has tested the limits of our society in countless ways already, with many countries still in lockdown and a huge portion of workers working from home for the first time. This shift to home working brings a number of new challenges to the safety and integrity of many businesses. For all those unused to working from home, knowing the basics of home security will be essential over the next few weeks, especially for banking and finance staff.

With so many workers logging in remotely, the perimeters of a business are spread much wider and become more disjointed. This makes it easier for cyber criminals to take advantage of weak spots, potentially leaving significant personal data exposed. Whether it’s new software, fewer security measures on home devices or deliberate malicious action, everyone needs to be responsible for the online safety of their work at such a vulnerable time for so many businesses.

Since banking and wealth management companies work so closely with considerably large amounts of sensitive data, security staff will most likely put in place strict security measures and outline details of how to maintain secure working at all times. However, for those who are still unsure or feel that there hasn’t been enough guidance, the National Cyber Security Centre has put together some clear guidance to help security teams adapt home workers to their new environment which might be helpful for staff still struggling or anxious about their networks.

New threats to consider
One industry benefiting from the crisis is virtual meeting software providers like Microsoft Teams and Zoom. While these tools will be essential for maintaining relationships and close communication between team members or clients, they pose some security risks. Typically, users of these services will see no issues but it is important to ensure that meetings are password protected. As Boris Johnson’s cabinet quickly realised recently, sharing a picture of a Zoom meeting on social media without redacting the meeting code could result in strangers being able to access meetings where personal discussions are occuring. 

The vulnerabilities of personal devices vs corporate devices
Additionally, many businesses may not have been prepared for so many staff to need to work from home so quickly and will not have the device capacity for everyone to work from home at the same time. For those staff who are now likely to be working on personal devices, there are unique security challenges that are mitigated by using corporate computers. These include potentially lower-quality antivirus measures, no encryption and vulnerability to malware from personal use. In finance, these shortcomings will need to be negated as much as possible to keep client and company data secure.

Rise in phishing scams, personal and professional
Security company Proofpoint believes that four out of five scam emails right now mention coronavirus as cyber criminals aim to capitalise on the global suffering and fear of others. These scams are targeting both professional and personal emails, but as the workplace moves closer into our personal space, there is a threat from both to business integrity. Some of the key ways to avoid falling victim are to never click links in emails from those you don’t know (copy and paste the link instead) and avoid interacting with unexpected emails mentioning coronavirus.

Key strategies to maintaining home security
Two-factor authentication 
Ann Johnson, corporate vice president of Microsoft describes multi-factor authentication as the number one security tool workers should be using and claims that 100 per cent of employees should be using it 100 per cent of the time. By adding extra steps to the login or authorisation process, this adds an extra layer of security which will help keep data and transactions safe if one device is compromised. This can take the form of smartphone applications or biometrics software such as Microsoft Hello.

VPN 
A Virtual Private Network (VPN) is an encrypted connection between the home device and the company network. This masks the user’s IP and location and encrypts all data during transfer, meaning company data is protected in transit and is less vulnerable to malicious actors who may be able to break through the defences of an insecure home device.

Antivirus software
Though many people will already be using antivirus software on their home computers, it’s important to ensure that your device is protected when working from home. Run a full scan as early as possible if you haven’t done so in a while and consider other steps such as a firewall and changing your wifi password from its default to something more complex.

Cloud storage/backups
Storing sensitive data on the cloud ensures that all data is secured in a centralised place where its security is more closely monitored. This is safer than local storage as the data can be tracked by the business, removing responsibility from the individual. This method also protects data against vulnerabilities in home networks, which could include malicious software unknown to the user. 

While staff aren’t all expected to be security experts, especially with so many changes happening at once, security is still everyone’s responsibility. 90 per cent of cyber breaches happen as a result of human interaction, so every member of staff will need to be aware of the basic security measures while working from home to support stretched security staff and maintain integrity for their clients. There are few industries where sensitive data is so essential and so vulnerable as wealth management and personal finance, so these steps will be all the more important right now.