The Threat from Within


Protecting banks during the challenge of COVID-19 and a reduced staff

Just as banks use every tool at their disposal to maximize revenue opportunities and manage their ledger, they must take the same approach when it comes to security. New challenges with COVID-19, banks operating with a reduced staff and employees working from home require an updated and more diligent security plan. Insider threat programs are a key component of an overall security plan.

While financial institutions implement some level of security, they can improve their security and insider threat programs by leveraging the latest security technologies. Cross-department collaboration, a practice that challenges organizations, is an extremely helpful part of the solution but is often the hardest to execute. Combining the right mix of technology and security staff will better protect financial institutions from insider threats and help meet COVID-19 guidelines.

The biggest risk to financial institutions is the possibility of bank employees accessing private user account data, including account numbers, which can be printed, emailed, saved and sold to bad actors for a high dollar amount. Most banks have deployed an access control system to manage access throughout their complicated environment. Access control systems collect large amounts of employee access data on a daily basis. While the amount of data collected is overwhelming and difficult to manage, it is extremely useful when trying to identify potential risks.

An analytics system can process access control data and assist with insider threat and COVID-19 challenges. Deploying an analytics system alongside an access control and identity management system can help leverage data to identify risks through anomalous behaviors by tracking an employee’s access history and behavior patterns.


People are creatures of habit and have daily work routines based on where they enter a building, what elevator they use, and the location of their office or desk. Over time, employees establish their work patterns and the analytics system learns what doors they enter and exit and when they move about. It understands their behavior. The analytics system applies a risk score based on people, location and time.

The score is higher for a person who has access to critical areas such as the data center. A location score would be higher on a data center card reader than a cafeteria door, and scores are lower during the workday and higher during off times.

By understanding an employee’s habits and applying scores to the readers throughout a facility, an overall risk score is established for each employee. Baseline scores demonstrate normal behavior. However, if an employee tries to enter a bank in the middle of the night, the behavior would raise the score.

When a person’s risk score rises above normal, an alert in the dashboard notifies the security team. They can then review the specific employee’s behavior and see if the suspicious behavior is an anomaly or requires further action. Maybe the employee was working late on a project and needed to get into another department that he didn’t have access to after-hours. Or maybe the employee is searching for account data to sell.
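The scoring described above can be sketched as follows. This is an added example, not code from the article or from any vendor's product; the weights, the multiplicative formula, the three-deviation threshold and the badge events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed weights (assumptions, not from the article): higher is riskier.
PERSON = {"alice": 2.0, "bob": 1.0}   # alice is cleared for the data center
READER = {"lobby": 1.0, "cafeteria": 1.0, "datacenter": 5.0}

def time_weight(ts):
    """Lower during the workday, higher at off times (nights, weekends)."""
    return 1.0 if ts.weekday() < 5 and 7 <= ts.hour < 19 else 3.0

def daily_scores(events, habits):
    """Sum person x location x time per (employee, date); a reader outside
    the employee's learned habit set doubles that event's score."""
    totals = defaultdict(float)
    for emp, reader, stamp in events:
        ts = datetime.fromisoformat(stamp)
        novelty = 1.0 if reader in habits[emp] else 2.0
        totals[(emp, ts.date())] += (PERSON.get(emp, 1.0)
            * READER.get(reader, 1.0) * time_weight(ts) * novelty)
    return totals

def alerts(history, today, k=3.0, floor=1.0):
    """Flag days scoring more than k deviations above the employee's baseline."""
    habits, base, out = defaultdict(set), defaultdict(list), []
    for emp, reader, _ in history:
        habits[emp].add(reader)
    for (emp, _), score in daily_scores(history, habits).items():
        base[emp].append(score)
    for (emp, day), score in sorted(daily_scores(today, habits).items()):
        hist = base.get(emp) or [0.0]          # no history: baseline of zero
        mu, sd = mean(hist), max(pstdev(hist), floor)
        if score > mu + k * sd:
            out.append((emp, str(day), score, round(mu, 1)))
    return out

# Constructed badge events: one normal work week, then the day under review.
HISTORY = [(e, r, f"2020-09-{d:02d}T{t}") for d in range(7, 12) for e, r, t in [
    ("alice", "lobby", "08:30:00"), ("alice", "datacenter", "10:00:00"),
    ("alice", "cafeteria", "12:00:00"),
    ("bob", "lobby", "09:00:00"), ("bob", "cafeteria", "12:30:00")]]
TODAY = [("alice", "datacenter", "2020-09-15T10:00:00"),
         ("bob", "lobby", "2020-09-15T09:00:00"),
         ("bob", "datacenter", "2020-09-15T02:15:00")]

if __name__ == "__main__":
    print(alerts(HISTORY, TODAY))
```

Alice's daytime data center swipe matches her baseline and raises nothing, while Bob's 2 a.m. swipe at a reader he has never used lifts his daily score far above his normal level and produces the alert.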

An analytics system flags possible early warning signs and alerts the security team to keep a better watch on the situation. Having insight early could prevent a possible breach or crisis because the security team can start to watch the behavior more closely. It will also provide HR teams and management just cause to investigate and confront the employee about the suspicious activity.

Obtaining this level of insight from your access data is only possible using an analytics system.


When employees start a job, they are given an access card. Often that access card allows them access to many more areas than they need to perform their job, creating a risk. Tightly controlling employee access helps prevent risk. Using an identity management system, banks must implement the least privileged access approach, which gives employees access to only the areas they need to perform their jobs.

Access to additional areas must be requested by the employee. Access is granted for a predetermined amount of time and is automatically deactivated when the time limit expires. The system provides an electronic log of all requests and an audit trail to prove compliance. Least privileged access works well in heavily regulated industries such as banking. Financial institutions can match up timeframes with regulations to meet compliance.
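The request, expiry and audit-trail behavior described above, as an added example rather than any identity management product's code. The class, its method names, the event labels and the sample employee are hypothetical.

```python
from datetime import datetime, timedelta

class AccessGrants:
    """Hypothetical model: default deny, time-boxed grants, append-only audit."""

    def __init__(self, baseline):
        self.baseline = baseline   # employee -> areas required for the job
        self.grants = {}           # (employee, area) -> expiry time
        self.audit = []            # (time, employee, area, event)

    def _log(self, now, emp, area, event):
        self.audit.append((now.isoformat(), emp, area, event))

    def request(self, emp, area, hours, reason, now):
        """Record an approved request that lapses after `hours`."""
        self.grants[(emp, area)] = now + timedelta(hours=hours)
        self._log(now, emp, area, f"granted:{hours}h:{reason}")

    def check(self, emp, area, now):
        """Decide a card swipe; every decision lands in the audit trail."""
        if area in self.baseline.get(emp, set()):
            self._log(now, emp, area, "allow:baseline")
            return True
        expiry = self.grants.get((emp, area))
        if expiry is not None and now < expiry:
            self._log(now, emp, area, "allow:temporary")
            return True
        if expiry is not None:     # time limit passed: deactivate the grant
            del self.grants[(emp, area)]
            self._log(now, emp, area, "grant_expired")
        self._log(now, emp, area, "deny")
        return False

    def denied_attempts(self):
        """Swipes the security team should review."""
        return [entry for entry in self.audit if entry[3] == "deny"]

if __name__ == "__main__":
    t0 = datetime(2020, 9, 15, 9, 0)            # constructed scenario
    acl = AccessGrants({"bob": {"lobby"}})
    acl.check("bob", "vault", t0)               # denied: not in baseline
    acl.request("bob", "vault", 2, "audit prep", t0)
    acl.check("bob", "vault", t0 + timedelta(hours=1))   # allowed
    acl.check("bob", "vault", t0 + timedelta(hours=3))   # expired, denied
    for entry in acl.audit:
        print(entry)
```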

Each department within a bank works with different files and uses its own standards to complete work. Based on the security program’s rules, the security team should know exactly who within the department should have access to the files, who outside the department is accessing those files, and monitor who tries to get access to those files.

“Banks must monitor all card swipes in areas where physical account data resides,” said Dan Bissmeyer, G4S director of business development. “Anyone from outside that section of the building or another department could possibly be fishing for that data.”


The onset of COVID-19 earlier this year brought on new challenges for financial institutions. Banks found themselves scrambling to move employees home to work. Entire security operations centers and call centers needed to operate from home. Although considered essential, headquarters operations and branches operated with skeleton crews to serve customers.

Insider threat programs are set up to monitor employees, limit access, track how a person might be trying to access areas and information, and respond quickly to mitigate risk. Layers of security, using people and technology, are put in place to protect the company.

“Remote work makes it incredibly difficult to keep an eye on people,” Bissmeyer said. “You lose what you had in your layers of security with physical access, identity management and analytics.”

In a remote setting, a bank must rely on its logical controls to monitor when employees log in and what they are accessing. However, the loss of physical containment is a huge challenge. When operating inside a bank, the employee is surrounded by layers of security that are put in place to protect them and the data they manage. When working remotely, an employee can work anywhere, exposing data on an open laptop to roommates or friends. Printing at home is especially dangerous. Financial hardships due to COVID-19 and the economy may also tempt employees to generate fraudulent loans.

While banks have remained open, they are slowly bringing back more employees to the workplace as restrictions are lifted. The right technology can help with the transition. An analytics system can help a bank remain in compliance and show proof that the bank is operating according to policy. If a bank is running at 50 percent capacity in its buildings, the security team can pull up a dashboard that shows exact capacity at any moment. This ensures the bank is following the proper health guidelines imposed by authorities and meeting internal and external compliance standards, which helps preserve the bank’s integrity and reputation.

Banks can use contact tracing tools to track employees who may have been near a person who tested positive for COVID-19. If a person tested positive or was exposed, those who have been exposed to that person could easily be identified. Visitor management systems can control and authorize visitors before they arrive. A temporary card can be used from the phone via a QR card reader, eliminating the need to touch a card. Visitors can be required to answer COVID-19 related questions and remotely sign policy documents before being allowed access to a building, ensuring compliance while keeping employees safe from exposure to the virus.

Security officers can capture events using the data from other systems to contain and recover, preventing the spread of infection. Proper tracking of COVID-19 diagnoses and all events within an incident management system will help the bank remain in compliance.


Deploying the best technologies can help provide a powerful and comprehensive insider threat and security program, but to have a top-notch program, an organization must have cross-collaboration between its departments. Key stakeholders from HR, legal, IT, facilities and compliance should meet regularly with the security team.

“Reach out and discuss the benefits of having a strong relationship with different departments to not only help build an insider threat program and improve security overall, but to benefit the company as a whole,” Bissmeyer said. “Eliminating silos and working cross-functionally is the only way to have a first-rate security program.”

Different departments perform different investigations, and cross-communication could streamline the process and benefit other programs such as workplace violence, business continuity, and crisis management. All of these programs touch other departments. Invite members from these departments to attend regular staff meetings, and request to have someone from the security department at their meetings. Understanding what is happening in other departments eliminates surprises and helps each team be more proactive.

Together, establish workflows for when incidents or crises are identified. Dynamic, distributed and auditable workflows will create a streamlined response and improve reaction time. COVID-19 challenged all aspects of the banking business. Implementing cross-collaboration communication and workflows, along with the right technologies, will help banks be better prepared for the next crisis.

This article originally appeared in the September 2020 issue of Security Today.

