Being a digital-focused bank, we had some sort of preparedness for remote work with limited scope. It was for some specific roles and specific resources with defined security controls. But when the pandemic triggered, the scale and scope got increased by multiple times. The transition was challenging to meet. Though we ensured all are connecting via secured VPN through organization-provided laptops with security controls only, having MFA, jump host, privilege session management, etc.; user train up and security awareness (e.g. properly securing home Wi-Fi, laptop sharing, etc.) was still a major challenge. Time was the additional crucial thing to manage.
With other security controls for access, we ensured all are going through Multi-Factor Authentication and Privilege access management. Users had to access through jump host with limited/specific privilege.
Remote work during the pandemic came up with unique cyber challenges, because home network/remote work environments don’t usually have the same security controls as in the office network. When users work in the office, they work behind layers of security controls. But, when people work remotely then additional security controls become essential. We had to ensure all are connecting through bank-provided secure VPN, using only bank-provided security-hardened laptops, with multi factors authentications, through secure jump host, following security monitoring, and automatic response.