More employees are taking work home as companies around the world pivot toward remote operations. However, these moves have not been without challenges, especially in the field of cybersecurity. Companies are beginning to realize that the approaches that served them in the office are not adequate to help them fight fraud and other cybercrimes as processes and employees remain digital. This understanding is pushing many companies to re-evaluate how they protect the flow of information and sensitive funds between employees and suppliers, said Leon Brockway Jr., head of information security at financial services provider Tompkins Financial Corporation, in a recent interview with PYMNTS.
“Traditionally, security and cybersecurity have depended on the detection and protection of boundaries or perimeters,” he said. “This was broken down from a scalable and sustainable approach to primary protection. Businesses and organizations created programs to protect and keep things within their network of trust. … The paradigm changed – really, [problems were] exacerbated because most of the workforce is now remote. Changing this paradigm primarily forces security organizations to contemplate and rethink, ‘Well, if the perimeter doesn’t protect everything, how do we maintain our level of security protection?’ and perhaps [they will] improve [their] security architecture for a very remote workforce and a digital customer base.”
Companies need to move quickly to respond to these new cybersecurity considerations, Brockway added, as the world of work is unlikely to fully revert to its previous state. Sound online security processes will become critical as an increasing number of employees work remotely, especially those who need access to protected data or company funds.
Responding to the change in digital security
Many companies have fundamentally changed the way they think about the digital workplace over the last year. They had secured their data by creating firewalls or other barriers to keep scammers out of their systems. However, the increase in the number of remote workers has shed new light on some of the risks associated with this strategy, Brockway noted.
“These protection barriers (firewalls, intruder prevention systems that protect everything inside, the trust zone) no longer offer the same level of scalable security protection, as there are so many assets of the company that are now outside; they are in people’s homes, in remote places,” he said. “The border we rely on for our security checks didn’t go away or break to a point where it wasn’t useful, but people and security professionals need to understand that [the legacy practice] does not protect assets to the same degree as before.”
Thus, companies need to reform their fraud protection strategies to protect data and connections that originate outside of their trusted networks. This means not only updating how they protect money and funds, but also rethinking the way they perform daily tasks or money transfers. Companies must implement security measures that can defeat scams that take advantage of employees’ distance from other team members, including internal fraud attempts, business email compromise (BEC) and phishing schemes.
“Often, BEC [fraudsters] will want to monetize the process,” Brockway said. “They’ll want to find a way to get money quickly and efficiently. ‘Who am I talking to? How can I get money?’ In the back office, having robust controls with double control or double authorization, that is, if someone receives an email and is asked to transfer money, is there someone else in the process who authorizes this move? Maybe one person can request it and another person can authorize it. This will help minimize or mitigate the risk of BEC in which someone asks for money movement, a cable, an ACH – [just] making sure there are two controls [in] the back office will go a long way in preventing many fraud scams at the BEC. [It requires] in addition to a person for cheating, for example, to move that money. In addition, requiring a second line of verification, such as the callback process to verify the legitimacy of email requests, is a simple but effective tool for protecting against BEC.”
The integration of tools that can provide such checks and balances in digital money or data transfers will be key to keeping fraud at bay while companies operate remotely. The key factor in these controls is determining whether the employees attempting to move these funds are who they say they are and whether they have legitimate reasons to make the transfers. This places solid authentication at the heart of companies’ cybersecurity strategies.
Switch to multifactor authentication
Advanced verification and authentication measures are key components in the fight against digital fraud, and multifactor authentication (MFA) is emerging as an essential tool for many businesses. MFA requires companies to verify the identity of employees, vendors, or customers using at least two of three different factors: something an individual is, including fingerprint or facial recognition tools; something they have; or something they know. Many companies already use a single factor, usually something known, or in some cases use dual authentication, which requires authentication of two types of the same factor, such as asking customers for memorized passwords and PINs. Brockway said this is no longer adequate to protect systems and customers.
“Whenever possible, you should use [MFA]. Many organizations, and even, in some cases, security providers, say, ‘We do multifactor authentication,’ when they’re actually doing dual authentication: they do two things the same thing, without reaping the full benefits of the MFA.”
Companies that continue to operate remotely must be prepared to invest in technologies and procedures that keep their data and funds safe. Establishing checks and balances and incorporating MFA solutions could go a long way in keeping them free from fraud inside and out.
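The two controls discussed above, dual authorization with a callback and MFA that spans different factor types, can be expressed as a single release check. This is an added example, not code from PYMNTS or Tompkins Financial; the class, function and method names and the sample requests are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# The article's three factor categories: something you are, have, or know.
# Method names are constructed for this example.
FACTOR_CATEGORY = {"password": "know", "pin": "know",
                   "hardware_token": "have", "phone_app": "have",
                   "fingerprint": "are", "face": "are"}

def is_true_mfa(methods):
    """True only when the methods span at least two different categories."""
    return len({FACTOR_CATEGORY[m] for m in methods if m in FACTOR_CATEGORY}) >= 2

@dataclass
class TransferRequest:
    requester: str
    approver: Optional[str] = None
    approver_auth: tuple = ()              # methods the approver logged in with
    callback_dialed: Optional[str] = None  # number actually called
    number_on_file: Optional[str] = None   # from the vendor record, not the email

def release_blockers(req):
    """Return every reason the transfer must not be released (empty = release)."""
    reasons = []
    if not req.approver:
        reasons.append("no second person authorized the transfer")
    elif req.approver.lower() == req.requester.lower():
        reasons.append("requester and approver are the same person")
    if not is_true_mfa(req.approver_auth):
        reasons.append("approver did not use two different factor types")
    if req.callback_dialed is None:
        reasons.append("no callback was made")
    elif req.callback_dialed != req.number_on_file:
        reasons.append("callback number is not the one on file")
    return reasons

# Constructed sample requests (names and numbers are made up).
SUSPECT = TransferRequest("ap.clerk", "ap.clerk", ("password", "pin"),
                          "+1-555-0100", "+1-555-0199")
CLEAN = TransferRequest("ap.clerk", "controller", ("password", "hardware_token"),
                        "+1-555-0199", "+1-555-0199")

if __name__ == "__main__":
    for name, req in (("suspect", SUSPECT), ("clean", CLEAN)):
        print(name, release_blockers(req) or "release")
```

The suspect request fails all three checks: it is self-approved, the approver logged in with a password and a PIN (two factors of the same type), and the callback went to a number other than the one on file.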