Mark Williams, Director of Sales EMEA at AMAG Technology reveals how an analytics system can help financial institutions mitigate risk.
Banks must use every tool at their disposal to maximise security during this unprecedented time. New challenges with COVID-19 including banks operating with reduced staff and employees working from home demand an updated and more thorough security plan. Insider threat programs play a key role in an overall security plan. While financial institutions implement some level of security, they can improve their security and insider threat programs by leveraging the latest security technologies. Cross-department collaboration is an extremely helpful part of the solution but is often the hardest to execute. Combining the right mix of technology and security staff will better protect financial institutions from insider threats and help meet challenging and new COVID-19 guidelines.
The biggest risk to financial institutions is the possibility of bank employees accessing private user account data including account numbers which can be printed, emailed, saved and sold. Most banks have deployed an access control system to manage access throughout their complicated environment. Access control systems collect large amounts of employee access data on a daily basis. While the amount of data collected is overwhelming and difficult to manage, it is extremely useful when trying to identify potential risks.
An analytics system can process access control data and assist with insider threat and COVID-19 challenges. Deploying an analytics system alongside an access control and identity management system can help leverage data to identify risks through anomalous behaviours by tracking an employee’s access history and behaviour patterns.
How do analytics systems work?
People are creatures of habit and have daily work routines based on where they enter a building, what elevator they use, the location of their office or desk, etc. Over time, employees establish their work patterns and the analytics system learns what doors they enter and exit and when they move about. It understands their behaviour.
The analytics system applies a risk score based on people, location and time. The score is higher for a person who has access to critical areas such as the data centre. A location score would be higher on a data centre card reader than a cafeteria door and scores are lower during the workday and higher out of hours.
By understanding an employee’s habits and applying scores to the readers throughout a facility, an overall risk score is established for each employee. Baseline scores demonstrate normal behaviour. However, if an employee tries to enter a bank in the middle of the night the behaviour would raise the score.
When a person’s risk score rises above normal, an alert in the dashboard notifies the security team. They can then review the specific employee’s behaviour and see if the suspicious behaviour is an anomaly or requires further action. Maybe the employee was working late on a project and needed to get into another department that he didn’t have access to after-hours. Or maybe the employee is searching for account data to sell.
An analytics system flags possible early warning signs and alerts the security team to keep a better watch on the situation. Having insight early could prevent a possible breach or crisis because the security team can start to watch the behaviour more closely. It will also provide HR teams and management just-cause to investigate and confront the employee about the suspicious activity.
Obtaining this level of insight from your access data is only possible using an analytics system.
Meet compliance with least privileged access
When an employee starts a job, they are given an access card. Often that access card allows them access to significantly more areas than they need to perform their job, creating a risk. Tightly controlling employee access helps prevent risk. Using an identity management system, banks must implement the least privileged access approach, which gives employees access to only the areas they need to perform their jobs.
Access to additional areas must be requested by the employee. Access is granted for a predetermined amount of time and is automatically deactivated when the time limit expires. The system provides an electronic log of all requests and an audit trail to prove compliance. Least privileged access works well in heavily regulated industries such as banking. Financial institutions can match up timeframes with regulations to meet compliance.
Each department within a bank works with different files and uses its own standards to complete work. Based on the security program’s rules, the security team should know exactly who within the department should have access to the files, who outside the department is accessing those files and monitor who tries to get access to those files.
“Banks must monitor all card swipes in areas where physical account data resides,” said G4S, Director of Business Development, Dan Bissmeyer. “Anyone from outside that section of the building or another department could possibly be fishing for that data.”
The onset of COVID-19 earlier this year brought on new challenges for financial institutions. Banks found themselves scrambling to move employees home to work. Entire security operations centres and call-centres needed to operate from home. Although considered essential, headquarter operations and branches operated with skeleton crews to serve customers.
Insider threat programs are set up to monitor employees, limit access, track how individuals are trying to access areas and information and respond quickly to mitigate risk. Layers of security, using people and technology, are put in place to protect the company.
“Remote work makes it incredibly difficult to keep an eye on people,” said Bissmeyer. “You lose what you had in your layers of security with physical access, identity management and analytics.”
In a remote setting, a bank must rely on its logical controls to monitor when employees log in and what they are accessing. However, the loss of physical containment is a huge challenge. When operating inside a bank, the employee is surrounded by layers of security that are put in place to protect them and the data they manage. When working remotely, an employee can work anywhere exposing data on an open laptop to roommates or friends. Printing at home is especially dangerous. Financial hardships due to COVID-19 and the economy may also tempt employees to generate fraudulent loans.
While banks have remained open, they are slowly bringing back more employees to the workplace as restrictions are lifted. The right technology can help with the transition. An analytics system can help a bank remain in compliance and show proof that the bank is operating according to policy. If a bank is running at 50% capacity in their buildings, the security team can pull up a dashboard that shows exact capacity at any moment. This ensures they are following the proper health guidelines imposed by authorities and they will meet internal and external compliance standards, which help preserve the bank’s integrity and reputation.
Banks can use contact tracing tools directly linked to the access control system to track employees who may have been near a person who tested positive for COVID-19. If a person tested positive or was exposed, those who have been exposed to that person could easily be identified. Visitor management systems can control and authorise visitors before they arrive. A temporary card can be used from the phone via a QR card reader, eliminating the need to touch a card. Visitors can be required to answer COVID-19 related questions and remotely sign policy documents before being allowed access to a building, ensuring compliance while keeping employees safe from exposure to the virus.
Security officers can capture events using the data from other systems to contain and recover preventing the spread of infection. Proper tracking of COVID-19 diagnoses and all events within an incident management system will help the bank remain in compliance.
Cross departmental collaboration is key
Deploying the best technologies can help provide a powerful and comprehensive insider threat and security program, but to have a world-class program, an organisation must have cross-collaboration between its departments. Key stakeholders from HR, legal, IT, facilities and compliance should meet regularly with the security team.
“Reach out and discuss the benefits of having a strong relationship with different departments to not only help build an insider threat program and improve security overall, but to benefit the company as a whole,” said Bissmeyer. “Eliminating silos and working cross-functionally is the only way to have a first-rate security program.”
Different departments perform different investigations and cross-communication could streamline the process and benefit other programs such as workplace violence, business continuity and crisis management. All of these programs touch other departments.
Invite members from these departments to attend regular staff meetings and request to have someone from the security department at their meetings. Understanding what is happening in other departments eliminates surprises and helps each team be more proactive.
Together, establish workflows when incidents or crises are identified. Dynamic, distributed and auditable workflows will create a streamlined response and improve reaction time. COVID-19 challenged all aspects of the banking business. Implementing cross-collaboration communication and workflows, along with the right technologies will help banks be better prepared for the next crisis.
This article was originally published in the September 2020 edition of International Security Journal. Pick up your FREE copy here