The COVID-19 pandemic fundamentally changed the way that the financial industry does business. Before lockdown, an estimated five million Americans worked primarily from home, but 2020 saw that number skyrocket as employers struggled to pivot their workforce away from the office while maintaining production and volume. Banks, lenders, and other financial institutions were especially impacted, but were largely successful in transitioning their staff to a ‘work from home’ employment model. Now, as the COVID-19 pandemic slowly retreats across America, the financial industry finds itself at a crossroads. Volume and production in the mortgage industry remains at a very high level, but the risks of working away from the office continue to cause sleepless nights for management and IT staff across the country.
Simply put, employees working from home are an enormous security risk for servicers and other financial institutions. Phishing and other cybersecurity attacks have steeply risen since the outset of the pandemic, as hackers and online scam artists exploit hastily-assembled home networks and their vulnerabilities. In layman’s terms, the more spread out a company network is, the more susceptible it is to external attack. And with some employees now working hundreds, even thousands, of miles away from a company’s ‘home office,’ the likelihood that a network can be exploited is dangerously high. A security survey in March of 2020 revealed that a remote home office network was 3.5 times more likely to be infected with malware and 7.5 times more likely to have multiple malware infections than a corporate network.
One dangerously-susceptible target for hackers is capitalizing on employees’ use of social media. If a remote worker improperly utilizes their company computer for personal use, such as logging on to their social networks, this misuse dangerously exposes the network to external attacks. If the employee were to click on a malware or phishing link while using company property, they can unknowingly download a virus to the computer, which may not only infect the computer itself, but could even attempt to gain access to the company network to which it is connected and the troves of personal and financial information therein.
IT departments have had their hands full combating this fresh onslaught of cyberattacks, but do have many tools at their disposal. Lenders can use social media monitoring tools to both monitor employee activity on social media while also automatically archiving content for regulators. Most companies use Virtual Private Networks (VPNs) to create a secure link between a remote employee and the company. VPNs are generally a very safe option, but not infallible, as hackers have attuned their attacks in recent months in an attempt to exploit VPNs. But there are many other corporate security controls that see widespread use, such as data loss prevention software, anti-virus and malware software, and even behavior analytics and anomaly detection programs that constantly monitor how the employee is using the system in an effort to detect unusual behavior and potential security risks.
By using these tools and educating their new remote workforce in the potential dangers of working from home, companies have a much better chance of avoiding the pitfalls that come with today’s remote employment environment.