By Brian Halpin, SVP Advisory, Customer Strategy and Transformation, Blue Prism
As CEOs from financial services companies debate in public forums whether their teams should return to the office or continue working remotely, the only certainty is that new, more flexible or hybrid models are likely to continue operating for some time.
Deciding whether employees can make their most creative and valuable contributions in a virtual office environment is only one consideration for senior leaders of financial institutions. Another important factor is whether data security is at greater risk when staff are working from home, or post-lockdown, from a remote location or workspace.
When the pandemic hit, there were limited opportunities to consider the security impact of remote working. The overriding issue was to get people set up and operational, often overnight. By and large, banks not only achieved that aim, but were able to get new systems to cope with business loans or payment holidays up and running within weeks.
The theme adopted by heads of risk and compliance in such an unprecedented situation was that businesses had to do what they had to do, and that regulators would be satisfied with actions taken as long as financial institutions could demonstrate when and why they had taken particular decisions.
The good, the bad and the ugly
However, the problem that remains is that most core banking systems were not designed to be accessed by remote workers. Systems operated by business process outsourcing (BPO) providers in particular were likely to be protected with physical security measures such as having no printers or smartphones allowed on the floor.
Lockdown meant those measures were no longer possible, and organizations have needed to take employees on trust when working from home. However, it’s a truism that while a crisis brings out the best in many people, it also brings out the worst in those who see an opportunity to exploit it.
As a result, there has been a significant spike in cyber-incidents such as phishing attacks and fraud on a global basis since the beginning of 2020. In April 2020, Google announced that it had seen 18 million daily malware and phishing emails related to COVID-19 scams in just the previous week.
And in July 2020, ActionFraud in the UK said that a total of £11,316,266 had been reported lost by 2,866 victims of coronavirus-related scams.
As Deloitte writes: “Cyber-attackers see the pandemic as an opportunity to step up their criminal activities by exploiting the vulnerability of employees working from home and capitalizing on people’s strong interest in coronavirus-related news (e.g. malicious fake coronavirus related websites).”
Just clicking on a malicious link could open up corporate data to ransomware attacks or theft, so as well as having the obligation to protect information, banks have a responsibility to shield their employees from security risks as much as they can.
How can intelligent automation help?
Intelligent automation enables organizations to employ digital workers, which can manage work processes in collaboration with humans. The key advantage is that digital workers don’t need to operate remotely away from core systems, and can function 24/7, 365 days a year.
In a traditional set-up, operational teams typically choose tasks from a workflow queue and require access to a wide range of corporate systems and data in order to complete the task. With intelligent automation, there’s an opportunity to flip this approach on its head.
Digital workers can be trained to identify tasks to send to relevant individuals along with the minimum data required. Once the human worker has decided on next steps, they can call on a digital worker to complete the task on their behalf and therefore do not require remote access to multiple systems. Access to data is then tightly controlled so that only information required for each task is available – improving data security significantly.
This approach would protect employees from having access to every system to a far more granular and flexible level that ID management can achieve. It is also much less invasive than alternative methods such as keystroke recording or—even worse—setting up webcams to check up on staff working from home.
It’s an approach that would appeal to heads of risk and compliance too, since intelligent automation systems like Blue Prism provide full audit reports of which data a digital worker has accessed and sent. Every click is recorded so that if there is a breach of any kind, it is easy to trace it back to source and dealt with easily and quickly.
Navigating the way ahead
The 2008 financial crisis introduced massive change to regulation, once the initial panic to keep banks operational was dealt with. It’s more than likely that there will be more changes post-pandemic as regulators contemplate the impacts on banks’ working practices from lockdown and the risks that these have introduced.
Such change will be necessary for the sake of employees and customers, as well the three lines of defense tasked with running a successful bank. Enabling the business to use digital workers and intelligent automation to reimagine processes that reduce data security risks is a good place to begin.