Remote working: A growing target for hackers

The widespread use of working from home (WFH) during the pandemic, regardless of sector or geographical location has required organisations and their information systems (IS) management to be very agile in deploying or increasing their capacity for remote collaboration. Some institutions were already prepared – for example, following the wave of strikes at the end of 2019 in France – while others had not previously rolled out solutions for their staff on a significant scale.

From the outset of lockdown, a central issue arose for remote working: how to ensure the same security level at home as in the office. Banking staff, like many others, have been targeted by or fallen victim to groups of hackers or subjected to similar threats. There are daily press reports of successful attacks, often knocking out part of the information system and operations.

Even if staff are provided with a secure working environment such as via a virtual private network (VPN) between the PC and the IS to encrypt data in internet communications, restricting the use of USB memory sticks or double authentication to access sensitive transactions, the risks appear to have multiplied since March 2020.

Warnings issued

In April 2020, the Financial & Stability Institute warned financial institutions of the risks linked to the combination of the pandemic and the massive rise in WFH and of the need to remain vigilant in the face of these threats. Other organisations, such as NASA, issued warnings in early April 2020 about the rise in cyberattacks targeting staff working remotely. In July 2020, the credit rating agency Moody’s released a note reporting a huge rise in attacks on banks and attempts to access or retrieve personal information. 

Address the weakest link

With technological security measures not enough to reduce the risks, success and resilience in the face of cyberattacks in these times of increased remote working is about addressing the weakest link; the user.

With a particular focus on threats when working remotely, mobilising staff and raising their awareness is essential, alongside increasing the solutions and services to detect attacks. In addition, identifying the threats specific to a given organisation and regularly reviewing cybersecurity maturity can help strengthen digital risk management and reduce the risk of cyberattacks.

As remote collaboration becomes more commonplace, financial organisations need to keep one step ahead by developing a digital risk management approach that not only addresses operational factors but also takes account of the human element.


This article originally appeared on Mazars.fr in ‘Les 5 incontournables des comités d’audit et gouvernance – Numéro 15’. You can read it in French here.