One of the big effects of the Covid19 pandemic that was felt by businesses and financial institutions worldwide was the threat to data security as large numbers of employees moved to remote work. While the Covid19 pandemic has led to the functioning of a new normal, the post Covid19 cybersecurity and data privacy era will start to look very different given the new age risks and need for better measures. Jonathan Smith, Founder and CEO at Xamin shares a few thoughts in this interview.
_____
Can you tell us a little about yourself Jonathan? We’d love to hear about the reason behind starting Xamin and how your journey has been so far, what are some of the near-future plans you have for your company? Especially plans that can help your targets deal with the crisis and threats looming from the Covid-19 pandemic?
After watching my father build a thriving engineering firm in the midst of a recession, I was inspired to launch Xamin in 1999, alongside Pete Smothers, Chief Operating Officer. Since the very beginning, we’ve focused on moving forward, above and beyond for our clients. Over time, we have grown into a national leader of managed IT services, helping highly regulated and reputation-sensitive companies stay safe, secure and compliant.
Celebrating our 20th year in business, our team helps companies streamline compliance procedures and lower costs by partnering with the financial institution’s IT department to help managed and enhance overall IT strategy. We continue to gain our client’s trust by surpassing expectations, taking the time to understand their pain points and crafting solutions that solve problems.
Read More: GlobalFintechSeries Interview with Sean Worthington, President at CloudCoin Consortium
Our company made the decision to move to a fully remote culture seven years ago, so when the pandemic started to spread earlier this year, we were already working from home offices. While we are familiar with that work environment, that wasn’t the case for most – if not all – of our clients. Fortunately, we were able to continue operating as usual while helping our clients navigate the sudden change of converting to a completely remote workforce in order to keep their employees safe and productive.
Could you share your thoughts / tips on how financial institutions can better protect their company and end user data at a time when their own teams are still largely working remote?
Xamin is focused on keeping companies safe, secure and compliant – whether all employees are working from home, at the office or a combination of both. With many still working remotely, there are some key precautions that financial institutions can take to keep their employees safe and their customer’s data secure.
First, financial institutions should offer additional resources to their employees – arming them with more education, specifically security awareness training to help identify malicious cyber threats and social engineering tactics. Examining all virtual private networks (VPNs) and remote access methods can help ensure that all firmware and software is up-to-date and fully patched. This is also a good opportunity to ensure documentation is accurate.
Identity and access management is crucial for both devices and personnel, especially in remote environments. Many solutions allow you to specify access privileges based on the user and device, allowing you to control who and what can connect to the corporate network. Device requirements can also be managed to allow access to devices based on criteria such as enabled software firewall, full encryption, up to date antivirus and strong passwords. If you don’t already have it turned on, we strongly recommend enabling multi-factor authentication (MFA) to add another layer of security and to reduce the risk of bad actors gaining access to any private data.
Finally – and this one may seem self-explanatory(Xamin) – employees should ensure that their home wireless networks have a strong password in place. If your employees are still using the default password, some variant of “01234,” or a pet’s name that they regularly share on social media, it should be changed to something more secure. Along these same lines, public unsecured wireless networks should not be used.
What have some companies been doing more of to reduce detection and response times and to secure and protect user accounts/data during this time?
Larger financial institutions have seemingly unlimited resources and money to spend on protecting customer data. In fact, recent data indicates that big banks “spend as much as $3,000 per employee to defend computer networks from cybercriminals.” Having this kind of budget helps these organizations be better positioned for optimal detection and response when a threat occurs.
For community banks and credit unions, resources and budgets for IT are usually limited, but it doesn’t minimize the need for increased security and protection. This is especially important at a time when the institution’s IT department has less control over physical security while employees are working from home.
To combat this issue, many institutions have teamed up with managed service providers (MSPs), who partner with the existing IT department, to provide cutting-edge solutions while adding an additional layer of security and service. These partnerships can range from an in-depth IT security risk review, to a full redesign of the infrastructure complete with on-going management and monitoring.
As multiple sectors and the global workforce adjust to the new normal because of the Covid-19 pandemic – and as remote work becomes more commonplace for majority of employees – what security challenges and threats do you see facing financial institutions more in the new normal and what should they be doing to combat this?
For any company that isn’t used to having a remote workforce, the first step is to assess the risk –what systems, software and devices are your employees connecting to and how closely are you monitoring and securing these?
Working remotely certainly expands financial institutions risk-perimeter. For example, when employees are working in the office, an MSP, alongside the institution’s IT department, can ensure their systems, software and devices are all fully patched and updated regularly. When employees are working from home, MSPs and the IT department lose that degree of physical access and control over an employee’s devices. Utilizing a device and identity management solution helps retain that control, but most institutions lack the expertise to deploy such a solution – especially on short notice.
While technology is an incredibly useful tool to help your employees continue their day-to-day activities seamlessly and remain a constant for your customers, it also requires extra attention to decrease the vulnerability to attacks. In this time, community banks and credit unions should leverage the expertise of their technology partners, who can help configure secure and compliant access to sensitive data and applications.
What would you share in terms of standards and best practices that FIs should look for when they are adopting services from an external IT management provider?
FIs should look for the American Institute of Certified Public Accountants’ (AICPA) seal of approval. There is no better standard to show your institution that an external IT provider has verified compliance with its staff and solutions than the SOC 2 certification.
Not only does this prove that your technology partner has the policies and procedures in place, but it also demonstrates the effectiveness of those controls. A SOC 2-certified MSP displays their commitment to following the AICPA’s five trust service principles: security, availability, process integrity, confidentiality and privacy.
For community banks and credit unions, this is crucial in order to effectively safeguard consumer data – ensuring that your MSP is readily available, ensures compliance, assists with disaster preparedness and protects against bad actors.
Before we wrap up, would you like to share specific finance management or business tips for Marketing and Sales or Finance teams struggling through this uncertain time due to the Covid-19 pandemic?
More than ever, it is critical to align yourself and your business with strategic relationships. We leaned heavily on our strategic community during COVID-19, and it is an area where we will continue to invest in to ensure overall health and wellness of our business, associates, employees, and customers. We employed our entrepreneurial network, national technology peer group, financial relationships, industry thought leaders, board of directors and many other advisors to help us navigate any uncertainty. Fortunately for us, we have had over 20 years of business networking that have generated some amazing relationships and it’s never too late to continue the hunt for more.
Read More: GlobalFintechSeries Interview with Erwan Gelebart, CEO at Veon’s JazzCash
Xamin offers industry leading managed IT services to financial institutions as well as other highly regulated and reputation-sensitive industries. The organization provides a suite of technology solutions including infrastructure, security, cloud, data protection and professional services.
Jonathan Smith is Chief Executive Officer at Xamin and is responsible for overseeing all strategic initiatives. With more than 20 years of industry experience, Smith is deeply involved with new business development, finance, marketing and other efforts that influence his team’s high-performing culture. Additionally, he is a member and mentorship board chair of the Chicago chapter of the Entrepreneurs’ Organization (EO), focused on engaging entrepreneurs to learn and grow. Xamin is a leading provider of managed IT services for highly regulated and reputation-sensitive companies.
1 comment
Comments are closed.