7 Steps to Secure Branch Banking Communications


Reflexis Blog


Given all of the recent challenges, as a retail banking executive, have you, your branch managers, or your internal communications teams struggled to find effective, efficient and secure ways to communicate with your teams?
Are your teams texting, instant messaging, or using other non-approved communication channels with out-of-branch employees? Are your IT and security teams concerned about frontline teams using unsecured or unauditable communication methods, given the potential risks these platforms pose?
For branch employees, mobile devices and apps are a normal part of modern life—so much so, that many associates are frustrated by the lack of branch mobile solutions (such as secure communications or scheduling). This is especially true at a time when every bank is touting mobile convenience for customers.
Branch Security Concerns
Historically, given banks’ strict regulations and risk-averse nature, they have been cautious about adopting bleeding-edge technologies. That includes mobile or remote-enabled communications apps and tools. But the recent COVID-19 related events have exposed ineffective communications tools and processes—as well as problems in securely communicating with out-of-office employees.
Because banking is a prime target for cybercrime, employee communications can be a major risk, particularly when they carry health and employment information. And given the potential repercussions (monetary, legal, reputational and more), security and auditability need to be paramount for any bank-deployed employee communication solution.
Secure and Mobile Branch Banking
Because of these factors, branch teams, historically, haven’t considered (let alone created policies for) secure, reliable mobile communications enablement. But in past months, many retail banking execs and communications directors now wish they had these capabilities.
Given the current disruption, many branch managers and employees favor the simplicity and familiarity of their own hardware and software communications solutions. As a result, they’re discussing work with each other from their smartphones—via text, e-mail, and even well-known consumer apps (such as WhatsApp or Facebook Messenger).
Messaging over these platforms is unsupervised and unmonitored, making it impossible to audit or enforce corporate communication standards. Additionally, frontline teams may be using platforms that your information technology department has not cleared, potentially opening security gaps and liabilities. Despite the proliferation of the distributed workforce, you still need to know that your workers' platforms are secure from hacking or data leakage.
Security Key To Customer
At this point, returning to internal branch systems—an intranet, for example—as the primary communication tool is not practical. Instead, bankers should consider a few approaches that will enable efficient internal messaging and collaboration, without stifling collaboration.
Here are seven best practices to consider when reviewing your branch and network communications platforms:
- Get your internal IT department involved. Find out if there is a list of approved messaging applications and platforms. Then make sure you and your employees comply with this list.
- Inventory what your employees are using, both hardware and software. Match the platforms to your approved IT list and ruthlessly weed out noncompliant solutions.
- Determine if your existing mobile email or messaging system (if you have one) is outsourced or internally managed. Is your service provider fully compliant with industry standards, such as SOC 2? Are there certifications that the provider can show?
- Clearly define your data policies and document them. Have you compiled the rules for data? Do you know if (and where) key information (such as employee data) is stored, and for how long, if at all? Do you know what data is shared with which associates? Make sure associates know the new out-of-office data policies and best practices to help them fend off social engineering assaults, hackers, etc. In some cases, you may need to archive shared data for compliance or legal actions.
- After creating data policies, you must also execute them with IT. Ensure you define your data access rules, and enforce them so that only the appropriate managers, associates, or specialists can access sensitive information.
- Be capable of granting or revoking mobile user credentials in near real-time. You want to work with human resources and IT seamlessly to enable associates to be provisioned quickly and securely. That applies especially if they are called in to support a customer remotely. And when associates leave or transfer, be sure their access is revoked accordingly. (Ideally, you can prevent data from even being stored on a personal device, or apply geo-fencing for access, and so on.)
- Go holistic. Another way to approach the challenge is to select a single messaging and communications vendor that can also support your branch workforce management and execution management needs. Find a provider that embeds secure communications, employee self-service scheduling, and mobile execution tools with proven best practices and technologies in its offering, out of the box. This way, you can more easily support safe, reliable communications that will deliver your employees the real-time text, email alerts, and other capabilities they need to work securely while remote.
To learn how Reflexis can help you with your communications and self-service branch banking needs, reach out to banking@reflexisinc.com today.