Working remotely creates some entirely new security challenges
So we ran a webinar in June, aimed at compliance and risk professionals, many from the FinServ sectors and one of the poll questions we asked related to how many firms had deployed specific training for employees now working from home. Amazingly, 47% had done no such training. Firms regulated by FCA are obligated to ensure the business is managed effectively. In fact, Senior Manager Conduct rule nos 1 states:
SC1. You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively
Many on the webinar registrants didn’t make the connection between increased risk and employees now working from home. Specifically, and in particular, customer data. In the traditional office environment, firms can be far more certain that employees with criminal intent are not deploying camera phones to photograph swathes of customer data. Those same employees working from home? No such controls exist. Selfies with your kids in front of the PC (with customer record details clearly showing on the screen) is a recipe for disaster.
Failing to train the employee base is a first base fail come the regulatory audit. C-19, does not absolve firms of their duty to customers and the law. They, employers, still need to take reasonable steps …. to control the business.
It is never too late to do that training.