Leaving the Nest: Seven Ways to Secure a Maturing Workforce

By Chris Tuzeneu

Depending on your bank’s security and risk posture, you may have some or most of your employees working remotely, or at least remote-capable. Maybe you have considered, as many companies have, making this option available to your staff for the foreseeable future. Here is a quick checklist to make sure your staff and data are safe however they stay connected.

1. Enable Multifactor Authentication (MFA) on your VPN connection. Whatever your implementation, there is most likely a way to turn on MFA so it takes more than a username and a password to gain access to your internal network. Easily guessed passwords aside, all it takes is one successful phishing email to gain an employee’s password – and if someone knows your email address, chances are they know your username!
2. Enable Multifactor Authentication for as many online accounts as possible. With cloud applications being provided by many of your vendors and even your core, a VPN may not even be required to access sensitive data. Identify your critical applications and make sure they support MFA. With password reuse being a continual problem, it is best to have as many layers of protection working for you as possible.
3. Get your employees to use a company-controlled password manager. With bad passwords and password reuse being such an issue, having a subscription to an enterprise version of a password manager could pay dividends in preventing future breaches. It also makes life easier when there is turnover, allowing you to easily disable employee access.
4. If bandwidth supports, use a full-tunnel VPN instead of a split-tunnel. Basically, this secures all internet activity on a laptop, not just the connection back to the bank. This is especially good to have in place if employees travel regularly and use public Wi-Fi. Just make sure you have a good connection at your main location, because even a request to “google.com” will be routed through the bank.
5. Never stop Do phishing and social engineering tests regularly. Secure email gateways are great, but they are not infallible. A strong security culture is one of the best protections!
6. Use cloud-managed AV and endpoint protection software. Make sure your security software does not need to be inside the bank network to continue to update and function. Visibility is key!
7. Make sure encryption is turned on. Some systems have encryption enabled out of the box, but with others, you need to turn it on. Check with IT and make sure security features like BitLocker and TPM are available and active for any system that might leave the walls of your bank.

Mobile access to corporate resources is becoming more and more common and looking at these items will help you manage risk as employees “leave the nest” – helping them be both productive and secure.