Can Financial Firms Stay Secure And Compliant While Working Remotely?

Listen to the latest episode of TechTalk Detroit

Join Chuck and Brian as they discuss how financial firms can stay secure and compliant while working remotely.
Listen now or read the conversation below.


Chuck
Welcome back to TechTalk Detroit. I’m glad to have you back, Brian. How you doing?
Brian
I’m doing well, all things considered. How about you, Chuck?
Chuck
I can’t complain. You know, things are still going crazy around the world. And in Michigan here we’re up to, what, over 15,000 cases now and just continuing to rise. You know, some states have already extended the work at home to June, I heard this morning, and we are waiting to see what Michigan’s gonna do in the next couple of days. But I had expected it’s gonna get extended till at least the beginning of May, I would think.
Brian
Yeah, I think so. I think, uh, you know, clearly you can’t, you gotta err on the side of caution. So if that’s what the data’s showing, I’m sure that’s the road we’ll be, ah, trending toward.
Chuck
That’s crazy. It’s just, never, never would have thought, beginning of the year, that we’d be here at this point. We’re, I think we’re three weeks now working from home. Is that right?
Brian
Yeah. Yeah, we’re going on about close to a month now. So, yup, just settling in at this point, you know, it’s, ah, kind of getting over the antsiness, just kind of coming to terms with it. So doing the best to stay busy. As best we can, you know?
Chuck
Yeah, I will say that. I feel like I’ve been more busy since this all started and we’ve been working from home than I was even before, you know, which I think is partly natural with working from home because you have less distractions and everything as far as, you know, people walking in your office to talk to you and everything and, um, pretty well set up at home where we got the same productivity outside of that. So I think it’s natural that we’re getting a bit more done, but on top of that, it’s just, you know, um, things have gotten crazy and we’ve been really, really busy lately, which is, which is good. It’s been certainly better than the alternative which a lot of businesses are being forced to deal with right now, but, um, you know, it’s just been interesting to me to see the increased productivity with everybody working from home as opposed to what some may expect, the other way.
Brian
Yeah, I think when you can’t go do anything, it helps, too. You know, you got nothing to do but work. It seems like, you know, so it makes it a little easier.
Chuck
Yeah, for sure. You know, we were talking, you know, a bit before we jumped on today, and there’s an article that I found that kind of talked about the top three concerns with respect to COVID-19 from a business perspective. And, you know, the biggest one, by far: 84% of people are worried right now about a potential global recession, and it certainly does feel like we’re headed that way, for sure. You know, aside from that, there were the other two of the top three, which were financial impact, you know, just generally, and then a decrease in consumer confidence, reducing consumption. And a lot of businesses are already seeing that. You know, obviously anybody in the retail or hospitality, restaurants, all that kind of stuff, they’re for sure seeing it. Your manufacturing, a lot of them, you know? So it’s something that’s a really big problem out there. And one of the big verticals that we work with is the financial sector. And so I wanted to talk a bit today about that and really, what those that are in that finance industry, whether it’s, ah, accountants, tax advisers, whether it’s, uh, you know, those that are working with insurance or financial consulting, that type of stuff, advisers. There’s certain things that, especially right now, that they need to be worried about, and that’s kind of what this article went into a bit, was really, during this quote unquote crisis, how do you manage things? How do you respond to those? And from a perspective of a financial services company, what are the most important things to really be concerned about? So, you know, I thought maybe to take a little bit of time today and kind of talk about that, focus in on those financial service firms that we work with.
Brian
Yeah, I think it’s one of those industries that’s, you know, similar to ours in the sense of, um, you know, you’re typically able to transition more to a work from home remote workforce, which is a great ability to be able to transition to something like that. But unfortunately, you know, that also increases, you know, your cybersecurity concerns, or should increase those concerns. And it’s one of the trade-offs. You know, it’s great because you can still continue to function in terms of the business. You don’t have to close the doors. You know, it’s not like manufacturing where, you know, potentially you’re out of work until this, this stay at home is lifted. So it’s one of those things where it’s a great advantage, but you have to put some extra detail into how you’re addressing your security. Um, and you know, I’ve seen, we could get into it here in a little bit, but there’s, you know, some new exploits that are out there, um, using COVID-19 to phish people and get data and deliver, you know, viruses and such, and, you know, it’s a shame, but you knew it was gonna happen eventually here.
Chuck
Yeah, like we said before, the bad people are called bad people for a reason. They take advantage of anything they can. And it’s interesting because I think from our perspective, a lot of our clients, you know, the financial services firms are generally some of the ones that are most open to newest technology, working in the cloud and stuff. And that’s what, you know, as you said, kind of lends to them being able to quickly go and work from home now. But I’ve got some friends that work as tax advisers and they’ve basically shut their office right now because they said that their companies are trying to figure out if they can possibly work from home. They don’t think that they can because they’re too concerned about security. And so I found that that was interesting because obviously you can work from home, no matter really what your industry is. You just got to make sure that you’re still compliant with all of the regulations that you’re under, and, uh, you’ll make sure that you’re not forgetting about those things. So, you know, the financial sector is one of those that we work with that has a lot of regulations that they’re under. And there’s a lot of things now that you have to take into account when you start sending people home to work from home, whether they’re working on a business computer, working on their home computer, whatever it is. You can’t forget about those compliances because eventually something’s gonna come around and they’re gonna want to do an audit. And you got to make sure that you pass those, you know, just even from that perspective, let alone if a breach were to happen. And now you’ve got to deal with that reputation hit and the brand recognition that goes along with that and the detriment that can come from all that as well.
Brian
Yeah, I think that’s the key. Is, you know, you have to take a step back. Look at, okay, what has changed in terms of our workflow, um, with everybody being remote. And, um, you know, one of the things that I think a lot of companies are experiencing is, um, opening up company data to home computers, you know, especially businesses that utilize desktop computers and things like that. Um, you know, they still want their users to be able to work from home. So I think, you know, initially there is this mad rush to get everybody just set up and be able to work and get the business, you know, transitioned from the office to the home as quick as possible without much thought, you know, given to cybersecurity. So I think there’s just some obvious things, stuff that we hit on in previous podcasts. But again, you know, there’s tons of overlap with the stuff because it’s just the reality of what we’re faced with. Um, you know, it’s making sure, for one, all of your endpoints are being patched and up to date is key. And how do you do that when you have, um, users connecting, you know, with your home computer? So I think that’s something businesses really have to try to figure out. Um, the other thing is, you know, make sure you’re using secure measures. Use multi-factor authentication on absolutely anything that you can, um, VPN, require VPN connections to your home network or to your work network, but to take a step above that, it’s best if you can use MFA on top of your VPN connection. You know, to really ensure that whoever is connecting to that tunnel is the person you want it to be. Um, you know, and I think aside from that, you have to just look at, you mentioned some good things about compliance. And, um, you have to know what kind of compliance policies you’re under, and you almost have to reevaluate. Okay, what are my requirements to be compliant? You almost have to re-audit yourself to make sure you’re still meeting all those requirements.
Because I think what happens a lot of times is in that mad shift, there’s a lot of details that you’re looking over because it’s not part of your normal process, right? You’re deviating from your normal process. I think companies should take the time now to circle back over and make sure you are, in fact, still compliant.
Chuck
Oh, absolutely. I think you have to. Um, when you last went through the audit, if you didn’t have a completely remote workforce, there are gonna be certain things that you didn’t think about. Even if you had thought of, well, you know, we have a few people working from home, there’s still gonna be things that you didn’t think of. What if those few people are on company-owned laptops, but the rest of the workforce isn’t, or some of the workforce is and they’re on their home computers? You know, all of the points that you brought out. But I think absolutely any financial services company right now needs to re-audit themselves against any company compliance, any regulations that they’re under, because most likely they’re going to be missing something somewhere. It’s not a matter of being negligent. It’s a matter of the fact that basically over, what, about a week time period, we went from all working in an office to now almost all of us had to be working from home and we didn’t have a choice. So in order to keep the business going, what did you do? Well, you sent everybody home. You figured out how to quickly get them up and running, get connected to the data they needed. You know, obviously we’re concerned about security through that, but not necessarily to the extent that you had to be worried about the regulations and the compliance pieces. So I think you absolutely have to now go back and say, okay, now we’re all working from home, business is able to continue. Now, let’s make sure that we’re properly protected and put in any additional pieces that we need to, to meet those regulations.
Brian
Yep. So I think, you know, something else to talk about, that I have mentioned previously, was new exploits out. So something else to consider is the fact that, you know, a lot of businesses, we’ve all seen tons of emails going out. We’ve all sent them out ourselves, you know, explaining how our businesses are impacted by COVID-19, what we’re doing to adjust, um, you know, any process or workflows that are changing moving forward. We’ve all notified our clients as such. That being said, you know, at this point, I’ve seen so many emails come through referencing COVID-19 that it just kind of seems standard, um, practice now, and we’ve hit the point now where that’s truly being exploited. Um, you know, inside the last week, um, KnowBe4, who is one of the partners of ours, they’re, ah, a security awareness firm, um, that does security awareness training for your end users. They’ve, um, opened up a bit about some of the exploits they’re seeing, and, you know, it’s stuff that if you read it, it’s gonna catch people’s attention right now, right? Everybody’s worried about what’s going on around them, but they worry about your family, friends. You know, who have you come in contact with that potentially was sick. And that’s exactly what this email’s doing. It’s sending out, it looks like it’s coming from a legit hospital. It’s saying, you know, you’ve been in contact with either a friend or family or coworker that tested positive and we need you to, um, you know, fill out some data on the spreadsheet. You open up the spreadsheet and the data is really insignificant, what you’re filling out. What it’s doing is you’re now allowing a virus to be distributed to that workstation, which then can go and, um, spread across the rest of the work stuff.
So that’s kind of the reality of what we’re dealing with now, is we’ve become so used to seeing the COVID-19 stuff that anything we see, you know, I think a lot of people are just engrossed with any bit of information they can get about it because there’s a lot of stuff that we don’t know. So it’s very important during these times to make sure that your users understand that, you know, with emails you’re still at risk for what you click, and checking, to be well aware at all times. Don’t get caught up in the moment. Um, and I think, you know, we hit a point where if you don’t already use security awareness training that you’ve had, this is the perfect time to get that in place. Um, because most exploits do start with your end users. I mean, that’s the reality, you know, people think they’re doing well, they’re clicking an email, you don’t think there’s much harm, but next thing you know, it’s, you know, it’s a real issue.
Chuck
For sure, and it’s interesting because the email you’re referring to, it’s got an Excel attachment and says, uh, print this, uh, attached form that has your information prefilled in. So that even makes it, again, seem more legit because they’re saying that it’s already got your information in there. Of course, when you open it, it obviously does not have your information in there. But you need to click a few things to get to that information. And once you’ve clicked on a few of those few things, at that point, you already let the person into the environment. So it’s, you know, it’s amazing the things that these people think of. It’s so sad that this is the type of stuff that we have to deal with right now, that people are so bent on playing to people’s fears and anxieties, concerns and everything to try to now see, how can I exploit this? But unfortunately that is the world that we live in, and they see everybody upping their security posture right now because, everybody, the bad people are upping their game right now. They know that people are working from home. They know that people are more susceptible to stuff like somebody saying, hey, you’ve been exposed to the coronavirus, so they’re taking every advantage that they can to try to play into that and exploit anybody in any way that they can, ’cause that’s now an opportunity, whether it’s access into your own personal stuff or access into your company’s stuff, which now gives them potentially access to a lot more as well. So it’s just, it’s sad that that’s the world that we live in, but it is. So we have to, we can’t pretend like it doesn’t happen or like we’re not going to be impacted by it. Instead, we have to make sure that we’re putting the right protections in place to properly protect against this stuff. And as you mentioned, that starts with educating the staff on what to be suspicious of, what to look for when they get an email, how to know if it’s suspicious or not.
And then even with KnowBe4, with the partner that we use for security awareness training, they even give you a button right inside of Outlook that you can use to basically report it and say, you know, is this something I should be suspicious of? So even if it’s not something that you’re 100% aware of, and that’s really how they found out about these emails. They had so many customers that were clicking that Phish Alert button inside of their email for this particular email. And so that’s kind of how they became aware of it as well. So there’s just so much that you need to be on the lookout for. In that same article they talk about the five, their five high priority recommendations, and we’ve already talked about all of these, but just to kind of give them from another source, it talks about a VPN, having single sign-on. They mentioned multi-factor authentication as well, security awareness training, and then fully patched machines. And it says “in the cloud, the office and at the house”. That’s really what we’ve been talking about here, is these people, they’re going home and working now from their home computer, you know, are they on Windows 10 or at least Windows 8? Well, you certainly should not be allowing anybody access to your business network if they’re on Windows 7 still, it’s way too big of a security risk. If they’re on those operating systems, those supported operating systems, are they properly patched? Do they have antivirus on them? All of that kind of stuff is really what you got to start looking at from just a standpoint of protecting your own data in your company, but also from that regulation and compliance standpoint as well.
Brian
Yeah, and again, you know, just to hammer the point again, if you don’t already have a security awareness training platform in place, this is as good a time as any to get it in there. You know, I think, um, it’s important for your own users to understand these different threats that are out there and to know what to look for. You know, if you sit down and you think about it, we all know that health information cannot be exchanged via email, through a website, you know, and that we’re all protected from that standpoint. So when you take a step back and think about it, it’s obvious. But when you’re in the moment and you’re dealing with the stuff, you know, you can’t get away from it. It’s on the news. It’s everybody talking to you all day. It’s very easy to forget about those kind of things and just, um, you know, click a link. So be very careful. Make sure your own users are aware of these type of threats out there. Um, you know, and just do your best to get all the precautions in place.
Chuck
Yeah, absolutely. And, you know, we talked a bit, you know, at the beginning there, of the things that most companies are worried about right now. And, you know, all the top three are all around financial issues, obviously. So we know that a lot of companies right now, you know, a lot of them have closed down temporarily. Um, you know, those that are still open, a lot are still dealing with the, uh, fallout from not having as many clients or as much business. So there’s a lot of concern out there right now around finances and business and how to keep things going. And we just wanted to point everybody, to remind everybody, I guess, is a better way to say it, of the SBA funding options that have come out. I don’t know if it’s the right fit for your business or not, but, you know, something to look into. If you aren’t aware of it, you can go to SBA.gov. And, you know, there’s the Paycheck Protection Program. There’s a loan advance. There’s a bridge loan. There’s the debt relief. You know, these are all meant to try to help small businesses out through this time. You know, the Paycheck Protection Program, I think you get a loan 2.5 times what your payroll is. If I remember right, at least 75% of a non payroll, it’s a forgiven loan as well. And even if it’s not, it’s a 1% interest rate on the loan. So it’s still a decent thing to think about. You know, hopefully you don’t need it, but, you know, something for sure to look into and have at the ready in case you need it to help you get through this time period as well. But we just wanted to, you know, take a little bit of time today focusing on that financial district. But really, everything that we’ve talked about really applies to all businesses. You know, it’s not just the financial businesses that need to be worried about these things. It’s really any business that’s got people working from home.
But there are certain things, especially, that finance businesses need to be worried about, just like health care companies as well, around compliance, around regulations, and some legal companies as well. So I always wanted to take a little time focusing on that and, uh, just kind of reiterate what we need to be thinking about now as people are working from home. Absolutely. We appreciate your time and we’ll talk to you again in a week.