The Threat from Within

The Threat from Within

Protecting banks during the challenge of COVID-19 and a reduced staff

Just as banks use every tool at their disposal to maximize revenue opportunities and manage their ledger, they must take the same approach when it comes to security. New challenges with COVID- 19, banks operating with a reduced staff and employees working from home require an updated and more diligent security plan. Insider threat programs are a key component to an overall security plan.

While financial institutions implement some level of security, they can improve their security and insider threat programs leveraging the latest security technologies. Cross-department collaboration, a practice that challenges organizations, is an extremely helpful part of the solution but is often the hardest to execute. Combining the right mix of technology and security staff will better protect financial institutions from insider threats and help meet COVID-19 guidelines.

The biggest risk to financial institutions is the possibility of bank employees accessing private user account data, including account numbers which can be printed, emailed, saved and be sold to bad actors for a high dollar amount. Most banks have deployed an access control system to manage access throughout their complicated environment. Access control systems collect large amounts of employee access data on a daily basis. While the amount of data collected is overwhelming and difficult to manage, it is extremely useful when trying to identify potential risks.

An analytics system can process access control data and assist with insider threat and COVID-19 challenges. Deploying an analytics system alongside an access control and identity management system can help leverage data to identify risks through anomalous behaviors by tracking an employee’s access history and behavior patterns.

HOW ANALYTICS SYSTEMS WORK

People are creatures of habit and have daily work routines based on where they enter a building, what elevator they use, the location of their office or desk. Over time, employees establish their work patterns and the analytics system learns what doors they enter and exit and when they move about. It understands their behavior. The analytics system applies a risk score based on people, location and time.

The score is higher for a person who has access to critical areas such as the data center. A location score would be higher on a data center card reader than a cafeteria door, and scores are lower during the workday and higher during off times.

By understanding an employee’s habits and applying scores to the readers throughout a facility, an overall risk score is established for each employee. Baseline scores demonstrate normal behavior. However, if an employee tries to enter a bank in the middle of the night, the behavior would raise the score.

When a person’s risk score rises above normal, an alert in the dashboard notifies the security team. They can then review the specific employee’s behavior and see if the suspicious behavior is an anomaly or requires further action. Maybe the employee was working late on a project and needed to get into another department that he didn’t have access to after-hours. Or maybe the employee is searching for account data to sell.

An analytics system flags possible early warning signs and alerts the security team to keep a better watch on the situation. Having insight early could prevent a possible breach or crisis because the security team can start to watch the behavior more closely. It will also provide HR teams and management just-cause to investigate and confront the employee about the suspicious activity.

Obtaining this level of insight from your access data is only possible using an analytics system.

LEAST PRIVILEGED ACCESS HELPS MEET COMPLIANCE

When employees start a job, they are given an access card. Often that access card allows them access to many more areas than they need to perform their job, creating a risk. Tightly controlling employee access helps prevent risk. Using an identity management system, banks must implement the least privileged access approach, which gives employees access to only the areas they need to perform their jobs.

Access to additional areas must be requested by the employee. Access is granted for a predetermined amount of time and automatically deactivates access when the time limit expires. It provides an electronic log of all requests and an audit trail to prove compliance. Least Privileged Access works well in heavily regulated industries such as banking. Financial institutions can match up timeframes with regulations to meet compliance.

Each department within a bank works with different files and uses its own standards to complete work. Based on the security program’s rules, the security team should know exactly who within the department should have access to the files, who outside the department is accessing those files, and monitor who tries to get access to those files.

“Banks must monitor all card swipes in areas where physical account data resides,” said Dan Bissmeyer, G4S director of business development. “Anyone from outside that section of the building or another department could possibly be fishing for that data.”

COVID-19 CHALLENGES

The onset of COVID-19 earlier this year brought on new challenges for financial institutions. Banks found themselves scrambling to move employees home to work. Entire security operations centers and call-centers needed to operate from home. Although considered essential, headquarter operations and branches operated with skeleton crews to serve customers.

Insider threat programs are set up to monitor employees, limit access, track how a person might be trying to access areas and information, and respond quickly to mitigate risk. Layers of security, using people and technology, are put in place to protect the company.

“Remote work makes it incredibly dif- ficult to keep an eye on people,” Bissmeyer said. “You lose what you had in your layers of security with physical access, identity management and analytics.”

In a remote setting, a bank must rely on its logical controls to monitor when employees log in and what they are accessing. However, the loss of physical containment is a huge challenge. When operating inside a bank, the employee is surrounded by layers of security that are put in place to protect them and the data they manage. When working remotely, an employee can work anywhere, exposing data on an open laptop to roommates or friends. Printing at home is especially dangerous. Financial hardships due to COVID-19 and the economy may also tempt employees to generate fraudulent loans.

While banks have remained open, they are slowly bringing back more employees to the workplace as restrictions are lifted. The right technology can help with the transition. An analytics system can help a bank remain in compliance and show proof that the bank is operating according to policy. If a bank is running at 50 percent capacity in their buildings, the security team can pull up a dashboard that shows exact capacity at any moment. This ensures they are following the proper health guidelines imposed by authorities and they will meet internal and external compliance standards, which help preserve the bank’s integrity and reputation.

Banks can use contact tracing tools to track employees who may have been near a person who tested positive for COVID-19. If a person tested positive or was exposed, those who have been exposed to that person could easily be identified. Visitor management systems can control and authorize visitors before they arrive. A temporary card can be used from the phone via a QR card reader, eliminating the need to touch a card. Visitors can be required to answer COVID-19 related questions and remotely sign policy documents before being allowed access to a building, ensuring compliance while keeping employees safe from exposure to the virus.

Security officers can capture events using the data from other systems to contain and recover preventing the spread of infection. Proper tracking of COVID-19 diagnoses and all events within an incident management system will help the bank remain in compliance.

CROSS COLLABORATION

Deploying the best technologies can help provide a powerful and comprehensive insider threat and security program, but to have a top-notch program, an organization must have cross-collaboration between its departments. Key stakeholders from HR, legal, IT, facilities and compliance should meet regularly with the security team.

“Reach out and discuss the benefits of having a strong relationship with different departments to not only help build an insider threat program and improve security overall, but to benefit the company as a whole,” Bissmeyer said. “Eliminating silos and working cross-functionally is the only way to have a first-rate security program.”

Different departments perform different investigations and cross-communication could streamline the process and benefit other programs such as workplace violence, business continuity, and crisis management. All of these programs touch other departments. Invite members from these departments to attend regular staff meetings, and request to have someone from the security department at their meetings. Understanding what is happening in other departments eliminates surprises and helps each team be more proactive.

Together, establish workflows when incidents or crises are identified. Dynamic, distributed and auditable workflows will create a streamlined response and improve reaction time. COVID- 19 challenged all aspects of the banking business. Implementing cross-collaboration communication and workflows, along with the right technologies will help banks be better prepared for the next crisis.

This article originally appeared in the September 2020 issue of Security Today.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.