The FCA has issued a warning to businesses about the risks associated with remote employment, citing worries about data, cyber, and security.
The FCA has released new recommendations for businesses that use a remote or hybrid employment model. According to the guidelines, companies will be assessed by the FCA and must demonstrate that remote working does not hinder their capacity to fulfil the threshold for the regulated activity they have or will have approval for. Companies should ensure that remote working does not compromise the firm’s ability to monitor its functions, harm consumers, compromise market integrity, increase financial crime, or restrict competition.
Companies must also ensure that they have examined any data, cyber, and security issues, especially since hybrid arrangements allow employees to transport confidential materials and laptops more frequently. They should adequately manage systems and controls, including digital capabilities like the ability to access records and systems and consider whether the firm relies on physical documents and what security and access arrangements have been created for them. Firms should also consider the legal implications of such work arrangements and how critical services will be delivered and monitored.
Zoho Europe managing director and technology expert Sridhar Iyengar says: “The FCA is right to warn financial services firms about the risks associated with hybrid working, particularly around challenges such as regulatory requirements, data compliance and accountability. The Covid-19 pandemic has forced through many positive changes in terms of working practices, yet far too many companies still lack the training & assessment of personnel and the IT infrastructure and systems to ensure complete compliance.
“Moving forward, organisations seeking to build a truly safe and secure hybrid working culture must look towards operating systems that can offer key applications to manage everything from collaboration and finance, to analytics and customer engagement. This will bring a new level of safety and security to remote working, helping to keep companies compliant in line with FCA standards.”
Tessian CEO and security specialist Tim Sadler says: “A hybrid working model brings with it huge benefits in terms of employee wellbeing, cost saving and flexibility, but also substantial cyber risks. The FCA is right to raise awareness of the need for companies to carefully consider how they manage remote working operations to ensure they remain compliant at all times. As well as ensuring the right security systems are in place, it’s essential that staff are fully trained about the risks posed in terms of data security around incorrectly addressed email correspondence as well as external threats like phishing emails, ransomware attacks. Financial services organisations manage valuable and critical data, and it’s so important that they do not allow flexible working practices to put them at risk of a breach.”
Barracuda Networks SVP international and cyber expert Chris Ross says: “Hybrid working brings with it many security challenges, particularly for firms operating within the financial services sector, so this guidance from the FCA is a welcome step for helping businesses reduce risk. With ransomware attacks on the rise, keeping companies fully aware of their regulatory responsibilities when managing remote working models is an essential step, alongside the necessary security systems and training for staff.
“Our recent research has shown that 81 per cent of IT leaders admitted that their organisation had suffered a security breach in the last 12 months. Worryingly, companies operating a remote or hybrid working model had a substantially higher breach rate, at 85 per cent compared to office-based businesses, where the figure was 65 per cent. Worse still, three quarters of those surveyed stated that they had been the victim of at least one ransomware attack. It’s therefore vital that all companies operating hybrid working models remain compliant and acutely aware of potential security risks at all times.”