How can the financial services sector rise to the challenge?
A full return to the office is unlikely for many organisations. At least not in the same way as pre-pandemic. The shift to hybrid working has given people the flexibility of working from home with the social advantages of in-person.
In 2022, THIS is the new normal.
But let’s rewind for a moment. Think back to the moment millions of people were ordered to work from home.
There was one sector in particular that had to change – fast. Financial service organisations had to completely rethink their working practices. And security professionals were at the forefront of quickly finding ways to support and assist hybrid workers.
A dramatic start, yes, but it wasn’t a bad thing. It was driven by necessity and forced changes into action. Changes that should have happened a long time ago. Inclusive policies, and more flexibility for teams, to name just two.
The pandemic also included new ways of approaching human cyber risk. It forced organisations to stop and think. This re-evaluation has driven positive changes for cyber security.
Building a people-centric cyber security culture
For teams working from home, security assistance must be easily accessible. This hasn’t always been the case. The truth is that in many organisations, security for remote workers has slipped under the radar. Until now.
Accessibility isn’t the only ingredient to success. Security initiatives should be tailored for each individual. People react to things differently, it’s human nature. To reduce risk, the way we approach cyber security for each of them should be different too.
A good, and effective cyber security culture is people-centric. That means creating an environment where workers can raise security concerns freely. Especially in the financial services sector. The reality is in this industry people are wary to report incidents. They might be concerned about punishment, or risk to their job security. With compliance so heavily emphasised, it’s no wonder this is the case!
But compliance demands shouldn’t be all that businesses focus on. People, above all, should be their first concern. An empowered workforce can, and should, be an organisation’s strongest line of defence!
CISOs that stop at compliance are asleep at the wheel
In the financial services sector, the term ‘compliance’ is never very far from the tip of the tongue.
To many people, being compliant is seen as being secure. And that’s where they’re wrong!
As Martin Smith MBE explained in the latest webinar hosted by CybSafe, compliance is like holding a driver’s licence. The holder has satisfied the base level requirements. They’ve completed their theory, and passed their test. But it doesn’t mean they’re driving safely day to day, or that they’re someone you should trust to transport your painstakingly created Lego Death Star to ComiCon!
To really be secure, organisations have to do so much more than just tick boxes. Meeting requirements for the sake of it doesn’t protect your workforce. And it might even distract organisations from what really matters.
You see, compliance is only the starting point. A baseline for business. Not where organisations become cyber secure.
The right types of measurement
Once you’ve got the right security initiatives in place, how can you be sure they’re working?
Financial service organisations are used to collecting hoards of data. But is it the right data? And can it influence their cyber security?
Felipe measures how many people click a phishing link over a month. He thinks this is a useful metric. It gives insight into how cyber secure his colleagues are. It tells him about their security awareness.
But the results Felipe collects are limited. Alone, all they tell him is how many people were fallible on that day, to that particular message.
What they don’t tell him is why people reacted the way they did. What compelled them to click? What factors during their day influenced this? And which individuals or groups were more at risk?
Security metrics should go beyond measuring awareness. The right ones examine people’s behaviour too. And try to understand why they’re behaving in a certain way.
Metrics that examine all three can help improve cyber security programs for hybrid workers.
With challenges, come opportunities…
The shift to hybrid working wasn’t easy for the financial services sector. Security professionals had to tackle increased risk. They were met with the challenge of changing behaviour remotely.
As a result, the past two years have seen a shift to meet the demands of hybrid working. We’ve seen a culture shift in cyber security, and innovation in security initiatives. Ones that are inclusive, personalised, and adaptable for hybrid teams. And it’s only going to get better!
In the aftermath of the pandemic, cyber security is now in the limelight. Finally! The sector has been established as a critical business enabler. And security professionals now have the opportunity to act.
Find out more about how to protect your hybrid workforce!
Has this piqued your interest? Learn more about cyber security in a hybrid work environment in the recent webinar hosted by CybSafe. Five security experts from the financial services sector discussed the steps businesses can take.
You can access the full recording here!