Those of us in the business of community banking know all too well the impact a pandemic can have on our companies’ reputation, our customers, our employees and the nation as a whole. At least, we thought we knew!
For close to 15 years, financial institutions, including banks and credit unions, were required to perform pandemic planning as part of their overall disaster recovery and business continuity planning. Many of us produced a pandemic plan document that followed regulatory guidance issued in 2007. Some of us finally got our plans into place several years later pursuant to an audit or exam finding. Many of us at this point have only performed tabletop testing of our plans.
But did we really take those tests and scenarios seriously? How could we? The magnitude of this most recent worldwide pandemic hasn’t happened since the 1960s. How could we imagine that more than a few people would need remote access, or that there would be a worldwide shortage of hand sanitizer and surgical masks?
As a career banker and now a consultant working with banks and credit unions, I wanted to share with you a few early lessons learned. These are based on real-time situations we are working through with our bank and credit union clients, as well as real-time communications by regulators and auditors.
Remote Work Considerations
By far the biggest challenge our clients are facing is addressing the work-from-home needs of a much larger percentage of their employee base than previously planned. Whether it’s due to kids being home from school, sickness or social distancing measures, it is clear that going forward our Pandemic Plans should build in considerations for a much greater impact. Consider the following:
Now more than ever, financial institutions are being bombarded by malicious threat actors trying to take advantage of the heightened employee anxiety and rapidly changing technology implementations caused by a remote workforce. While our bank and credit union clients are swiftly implementing remote access for employees, keep in mind these important security considerations:
1. Remote Access Security: Remote access to your bank or credit union network should be secured via a secure, encrypted virtual private network (VPN) tunnel with multi-factor authentication. Other options are solutions like GotoMyPC and VNC, as long as you can document that adequate security and encryption are in place. Unique to the All Covered Finance Vertical is our ability to leverage Solarwind’s N-Central Remote Control technology, which provides secure remote access, with the controls mentioned earlier, as well as reporting.
2. Remote Access Reporting: No matter what remote access method you choose to use, be sure that reports are available to monitor remote user activity, and that these reports are regularly reviewed (recommended weekly) by your Information Security Officer.
Community banks and credit unions have a long history of partnering with the community in a time of crisis; weather related or otherwise. Here are some actions being taken by our clients to make sure customers are supported while keeping their employees safe. Consider building these into your Pandemic Plan:
Perhaps the most important item to consider in dealing with a pandemic is the health and well-being of your employees. While most of the workforce remains healthy, the burden of home schooling children and the constant bombardment by the media can lead to anxiety and depression. Your Human Resources department should play an important role in calming and reassuring the employee base, leading to enhanced productivity. Some of our clients are extending PTO in advance of the spread of the infection to give their employees peace of mind that should they fall ill, they will still receive a paycheck.
We hope you find this information helpful both in dealing with the coronavirus pandemic and also in strengthening your existing Pandemic Plan. All Covered is here to assist you with your Business Continuity and Pandemic Planning needs. From remote access and cybersecurity solutions, to policies, procedures and testing, our talented information security and compliance professionals are here to help.