By Jennifer Banzaca, Alternatives Watch
As hedge funds continue to transition back to the office they are faced with a new set of challenges and cyber risks with employees returning to work.
In the months that employees worked remotely, cyber criminals and nation state attackers took advantage of the COVID-19 pandemic to ramp up their attacks against remote employees and remote access solutions.
Grigoriy Milis, chief technology officer at RFA, noted that cyber criminals are also targeting remote employees and access points in an environment where some workers are in the office, some are continuing to work from home and some will do both of course.
“For the most part, many of our clients are using the hybrid model. Typically, this is done in a rotated fashion where one part of the team works on certain days while the rest of the team works on the remaining days,” Milis observed.
Employees returning to the office present a significant cybersecurity risk to firms, Milis also noted. People have been working remotely for the past several months and have been disconnected from the corporate network most of the time. During this time, devices may have been compromised and firms are trying to deal with “potential time bombs” as employees reconnect devices to the corporate network.
The risk this poses really depends on how well those devices were secured and managed while being used by employees working remotely. If the devices were corporately managed and included robust endpoint protections, regularly updated and patched, have robust antivirus and malware protections in place, there could be little risk to the device connecting to the firm’s network.
However, where devices were not secured and managed by the firm, the device should be updated, scanned for malware and properly secured before connecting to the firm’s network.
“One of the things that we have seen specifically with hedge funds is that the increase in targeted attacks has been very significant. So, our recommendation to companies, and specifically to hedge funds, is that when employees are bringing in their devices, such as laptops or other mobile devises, is to evaluate it and make sure it has not been compromised before allowing it to connect to the corporate network,” Milis advised.
Another challenge is that the infrastructure at the workstations have been sitting for the past several months will need to be updated, Milis said.
“These machines are behind on the vulnerability compliance, patch compliance and software compliance so they need to be updated before anything is connected to your corporate system. We recommend to our clients before they head back into the office to have their software and security service providers come in and reboot and update their systems to make sure everything is up to date and properly protected.”
In order to protect their networks and sensitive information, firms must properly protect themselves. Milis suggested that one way hedge funds can protect themselves is by protecting endpoints by shifting the management of the endpoint security from something that exists on premises to a cloud solution.
Firms should also secure the home networks for employees, perhaps not for every employee but definitely for those that have access to sensitive information.
“We developed a solution that would bring an employee’s home into a company’s single cybersecurity package and monitor for cybersecurity events,” Milis said.
In preparation for a new hybrid working model, hedge funds are advised to re-evaluate their current security policies and security fabric from that new reality perspective and conduct a risk analysis on any new threats or weaknesses that could be introduced.