MUMBAI: Indian banks and financial services companies are facing unprecedented challenges to maintain requisite cybersecurity protocols in line with regulatory expectations as employees continued their second week of working from home to protect themselves from the Covid-19 outbreak, leaving these companies more vulnerable to external attacks and breaches.
Cybersecurity experts warn that the ongoing situation has made cybercriminals more active as they are increasingly targeting both the bank employees with malware attacks, and the unwitting customers using digital channels with scam messages, to defraud them and gain remote access to secure networks.
“While most banks have business continuity plans in place, such protocols have never been tested at this scale in India or globally,” said Tarun Bhatia, managing director, Kroll India – a cybersecurity firm. “The proportion of people working remotely far exceeds anything envisaged while developing these protocols.”
These protocols may include banks employees using only registered devices such as laptops and tablets through secure private networks or VPNs as directed by the banks. However, the full-scale implementation of these directives especially among the non-tech savvy employees may represent a challenge for the financial services sector, experts said.
Malware attacks disguised as “sensationalised Covid-19 news or charity pleas” are also on the rise, experts told ET, with criminals targeting both employees and bank customers.
Fraudsters are circulating malware links to fake coronavirus applications like Spymax, Corona live 1.1 among others to steal confidential data from customer devices, Ministry of Home Affairs warned in a tweet on Tuesday. “Sometimes cybercriminals are also taking advantage of rising coronavirus concern for collecting charity,” MHA said. “Be aware and check the credentials of charity fund before donating money.”
Challenges are also emanating on how some critical and sensitive data are being treated by employees across the board, according to experts at the interface between technology and compliance.
“One important aspect is data backup. From what I know, many of the banks do not provide laptops to entry level employees. So they may use their own systems or laptops at home and in such cases some of the documents are saved locally on these systems such as a PDF file or word document, so that is also one hurdle from the legal and compliance perspective,” said Krupesh Bhat, CEO of Bengaluru-based Legal-Desk.com.
Other provision that banks would seek to improve would be security related to the privilege of access given to employees in work-from-home setups. Security of access to banks’ internal networks would have to be updated at various junctures, according to cyber security experts, and just regular password protection may no longer be good enough to prevent data theft.