At the advent of COVID-19 pandemic, many software technology workers had quickly improvised to manage the sharp disruption in our way of life. Some had their workstations as a comfortable desk set up on a porch or patio while some had theirs set up in an uninsulated garage working on a piece of strong plywood wedged between the family’s minivan and kids toys box.
Need I not say that WFH setups like these are not only hazardous but may also end up posing a high level of enterprise risk to an organization.
Like other tech workers, Treasury technology workers had also improvised through WFH to keep up with their tasks. Among the vast list are Treasury Management System Technical Analysts who not only understand the flow of funds in the treasury space but also, and more importantly, have an excellent understanding of manual/system journal building, automated dummy clone via simple CRON jobs or database schedulers, and have a coherent understanding of the encompassed technicalities behind GL transaction-impact.
You would agree that in the wrong hands, such grounded TMS knowledge and access to an FI’s cyberspace can pose a risk, hence the need for improved information security while promoting business continuity.
My Top 5 Recommendations To Properly Manage This Risk
- High-privilege tech workers/super users should ALWAYS work from the office. There are other different opinions around this especially considering the current COVID-19 reality. To strive amid the constraints of a pandemic, high-privilege tech workers/super users must be lodged in the office complex and work right from the office.
- Participators in a maker-checker array in a Financial Institution with a cyber presence must be closely monitored when working from home. Never underestimate the power of a well-thought syndicate nor leave maker-checker participators to act entirely based on ethics and discretion when working from home.
- Network monitoring must be top-notch to pick up irregular activities like the download of confidential info or other forms of malicious attacks by confirmed or unconfirmed endpoints.
- Activities of Treasury operations must be closely monitored when working from home.
- Lastly and most importantly, the Treasury Management System team must casually monitor each other’s activities on the TMS system especially that team member who for some reason is working from a different location. Though TMS team members are seldom made privileged users, a syndicate isn’t hard to form.