Financial Regulator Warns of Hybrid Working Security Risks

Written by

The UK’s financial regulator, The Financial Conduct Authority (FCA), has released new guidance for organizations in the sector to help them transition securely to hybrid working practices.

The regulator warned that financial sector firms must prove that “the lack of a centralized location or remote working” doesn’t increase the risk of financial crime.

It also demanded that firms prove there is “satisfactory planning” in several areas. These include regular reviews of hybrid working plans to identify new risks and proof that firms “can cascade policies and procedures to reduce any potential for financial crime arising from its working arrangements.”

Specific “control functions” including risk, compliance and audit must also be able to prove they can carry out their work unaffected by the new working patterns.

The FCA also requires firms to consider any data and cybersecurity risks, “particularly as staff may transport confidential material and laptops more frequently in a hybrid arrangement.”

Security experts welcomed the extra guidance offered by the FCA.

“As well as ensuring the right security systems are in place, it’s essential that staff are fully trained about the risks posed in terms of data security around incorrectly addressed email correspondence as well as external threats like phishing emails, ransomware attacks,” argued Tessian CEO, Tim Sadler.

“Financial services organizations manage valuable and critical data, and it’s so important that they do not allow flexible working practices to put them at risk of a breach.”

Zoho Europe managing director, Sridhar Iyengar, added that while the crisis had forced many positive changes in working practices, many organizations still lack the processes and infrastructure to drive compliance.

“The FCA is right to warn financial services firms about the risks associated with hybrid working, particularly around challenges such as regulatory requirements, data compliance and accountability,” he argued.

What’s hot on Infosecurity Magazine?