
IS Decisions Blog

Two-factor authentication for banking and financial institutions' employees

To mitigate the insider threat and external attacks in banking, two-factor authentication (2FA) and access restrictions are vital security measures.

Updated November 10, 2023

Whether it's exploited users, careless behavior or outright malicious activity, UserLock helps banking and financial institutions better protect against both the insider threat and external attacks, ensuring only appropriate use of critical systems and sensitive data in a Windows Active Directory (AD) environment.

Recognize the risk of the insider threat

When we talk about cybercrime in the banking and financial sector, we tend to focus on external threats, but organization insiders are often more likely to be the source of a cyberattack. In fact, you could say insider threats pose a greater risk than external threats, as your employees already know where the company’s ‘crown jewels’ are. These crown jewels could include the assets that drive cash flows, competitive advantage and shareholder value.

Insiders tend to know what exactly resides on the networks and how to gain access to them for the purpose of theft, disclosure, destruction or indeed manipulation. For example, the leaking and disclosure of critical information could lead to the manipulation of share values. This is a far more effective means of profiting through cybercrime than traditional fraud techniques.

Some of the risks posed by insider threats in the financial sector include:

  • Undesired disclosure of confidential customer data – jeopardizing an organization’s most valuable relationship

  • Fraud

  • Loss of intellectual property

  • Disruption to critical infrastructure

  • Monetary loss

  • Regulatory

  • Destabilize, disrupt and destroy cyber assets of financial institutions

  • Embarrassment, Public Relations

Identify the insider threat

An unhappy employee or rogue insider

This person will go to any length to gain access to the organization’s critical information, share the sensitive data they get their hands on and even put it to some other unscrupulous use such as insider trading. But malicious employees are the exception rather than the rule, and they are not the only insider threat.

Ignorant users

Forrester research has shown that internal incidents cause roughly a quarter of breaches. Employees unwittingly share sensitive data or information that could fall into the wrong hands almost daily. Many employees also casually share passwords, giving out their ID as an apparent necessity or just to make their lives easier, without knowing why it might cause a security breach.

An external attacker that looks like an insider

The use of compromised internal credentials (an exploited user) is the most common threat action in data breaches. So almost every external attacker will eventually look like an insider, for the simple fact that they're now in the system. It’s much easier to steal a trusted insider's credentials and bypass traditional cybersecurity controls.

Detect external attacks

External attacks are public enemy number one to IT teams since they consistently represent the lion’s share of data breach attempts.

Before you can stop an attack, however, you need to detect one. Detection can happen anywhere from the point of intrusion all the way to the point of data access. Whilst this means there is ‘potential’ to detect an attack, it often means that you don’t find out until after data has already been breached!

To stop an attacker, you need to take away the most precious attack asset: the ability to log on with compromised credentials. Logons are a key component of an attack; without them, an attack would be limited to the single endpoint that was the victim of a phishing email or malware-laden website. By eliminating the attacker's ability to log on remotely, you effectively kill any lateral movement and, therefore, the attack.

Secure the logon with two-factor authentication for employees in the financial sector

UserLock is a comprehensive enterprise solution that empowers banking and financial institutions with two-factor authentication (2FA) and contextual access restrictions. It helps stop inappropriate and unwanted logons that stem from insider threats and external attacks.

Installed on your own on-premise environment for maximum security, UserLock works seamlessly alongside your existing Active Directory infrastructure. Integration is easy, and UserLock doesn't modify your AD accounts, structure or schema.

  • IT can choose between multiple MFA methods, such as push notifications, authenticator applications or programmable hardware keys or tokens, to generate a time-based one-time password (TOTP) for strong 2FA. Using a smartphone as a secure token frees employees from carrying a dedicated token device. Since the codes are generated and displayed on the same device, it removes the chance of hacker interception and means users can even authenticate offline. Many financial organizations find this is the best balance of security, usability, and cost available today.

  • With contextual access restrictions in place, administrators can be confident in customizing granular 2FA controls that avoid prompting the user for a second authentication each and every time they log in. Contextual factors include location, machine, time, session type and the number of concurrent sessions.
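How contextual factors can decide when a second factor is requested, as an added example that is not UserLock's code or configuration. The policy values, field names and the `decide` function are hypothetical, and the sample requests are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Hypothetical policy values, constructed for this example.
TRUSTED_NETWORKS = [ip_network("10.20.0.0/16")]
WORK_HOURS = (time(7, 0), time(19, 0))
MAX_CONCURRENT_SESSIONS = 1
REMOTE_SESSION_TYPES = {"rdp", "vpn"}

@dataclass
class LogonRequest:
    user: str
    source_ip: str
    machine: str
    session_type: str        # "workstation", "rdp" or "vpn"
    when: datetime
    open_sessions: int       # sessions the account already holds
    known_machines: frozenset

def decide(req):
    """Return (decision, reasons); decision is 'deny', 'mfa' or 'allow'."""
    # Hard limit first: a further session is refused, not merely challenged.
    if req.open_sessions >= MAX_CONCURRENT_SESSIONS:
        return "deny", ["concurrent session limit reached"]
    reasons = []
    if not any(ip_address(req.source_ip) in net for net in TRUSTED_NETWORKS):
        reasons.append("location outside trusted networks")
    if req.machine not in req.known_machines:
        reasons.append("machine not previously used by this account")
    if not WORK_HOURS[0] <= req.when.time() <= WORK_HOURS[1]:
        reasons.append("outside working hours")
    if req.session_type in REMOTE_SESSION_TYPES:
        reasons.append("remote session type")
    # Any unusual factor triggers the second factor; a routine logon does not.
    return ("mfa", reasons) if reasons else ("allow", [])

# Constructed sample requests (203.0.113.0/24 is a documentation range).
KNOWN = frozenset({"TELLER-014"})
DESK = LogonRequest("a.martin", "10.20.3.15", "TELLER-014", "workstation",
                    datetime(2023, 11, 10, 9, 30), 0, KNOWN)
REMOTE = LogonRequest("a.martin", "203.0.113.7", "LAPTOP-77", "vpn",
                      datetime(2023, 11, 10, 23, 5), 0, KNOWN)
SECOND = LogonRequest("a.martin", "10.20.3.15", "TELLER-014", "workstation",
                      datetime(2023, 11, 10, 9, 45), 1, KNOWN)

if __name__ == "__main__":
    for name, req in (("desk", DESK), ("remote", REMOTE), ("second", SECOND)):
        print(name, decide(req))
```

The routine desk logon passes without a prompt, the out-of-hours VPN logon from an unknown machine is challenged, and a second simultaneous session is refused outright.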

Eliminate the opportunity for fraud from employees sharing logins

Shared logins open the door to fraud. Banks need to eliminate the opportunity for fraud resulting from users sharing logins. It’s vital to ensure that employees are limited to using only their own personal login information.

Many employees casually share passwords as an apparent necessity or just to make their lives easier, without any idea that it might cause a security breach. Shared passwords allow rogue users to easily move within an organization’s network once credentials are compromised.

Despite increased education and user security awareness, employees continue to share credentials, since there's no consequence for their own network access.

Native security controls in Windows networks are not enough, since they don’t limit or prevent concurrent logins. With 2FA and the ability to stop concurrent logins, UserLock helps prevent employees from sharing passwords.
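Overlapping sessions for one account on different machines are the trace that password sharing leaves, and they can be found from logon and logoff records. This is an added example, not UserLock's own logic: the record layout is a simplified, constructed stand-in for Windows Security events 4624 (logon) and 4634 (logoff), and the function name is hypothetical.

```python
import csv
import io
from datetime import datetime

# Constructed sample: timestamp, event id (4624 logon / 4634 logoff),
# account, workstation, logon id. Not real log data.
SAMPLE_LOG = """\
2023-11-10T08:01:12,4624,j.doe,TELLER-014,0x3e7a1
2023-11-10T08:05:40,4624,m.lee,TELLER-020,0x3e7b2
2023-11-10T09:14:03,4624,j.doe,BACKOFFICE-03,0x3e7c9
2023-11-10T09:40:00,4634,j.doe,BACKOFFICE-03,0x3e7c9
2023-11-10T12:00:00,4634,m.lee,TELLER-020,0x3e7b2
2023-11-10T12:30:00,4624,m.lee,TELLER-020,0x3e7d4
2023-11-10T17:02:55,4634,j.doe,TELLER-014,0x3e7a1
"""

def find_concurrent_sessions(log_text):
    """Return alerts for accounts holding sessions on two machines at once."""
    open_sessions = {}   # account -> {logon_id: workstation}
    alerts = []
    rows = [r for r in csv.reader(io.StringIO(log_text)) if r]
    rows.sort(key=lambda r: r[0])          # ISO timestamps sort as text
    for ts, event_id, user, host, logon_id in rows:
        sessions = open_sessions.setdefault(user, {})
        if event_id == "4624":
            # Another machine already has this account logged on: the
            # pattern left by a shared or compromised password.
            others = sorted({h for h in sessions.values() if h != host})
            if others:
                alerts.append({
                    "user": user,
                    "time": datetime.fromisoformat(ts),
                    "new_host": host,
                    "active_hosts": others,
                })
            sessions[logon_id] = host
        elif event_id == "4634":
            # Tolerate a logoff whose logon was never seen (log rotation).
            sessions.pop(logon_id, None)
    return alerts

if __name__ == "__main__":
    for alert in find_concurrent_sessions(SAMPLE_LOG):
        print(alert)
```

Only `j.doe` is flagged: the account opens a session on BACKOFFICE-03 while still logged on at TELLER-014, whereas `m.lee` logs off before logging on again.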

Recognize improper user access and respond to risky behavior or access attempts from someone other than the legitimate user

Real-time monitoring provides visibility into what users are doing and the ability to take appropriate security measures to alleviate IT security threats.

This immediate and remote response to suspicious, disruptive or unusual login connections should be an integral part of any organization’s security policy and risk mitigation strategy.

Ensure compliance with mandates governing access control and data handling

With UserLock, financial organizations have the ability to control, identify, search, report on and archive user access to help secure sensitive and regulated information, prevent data leaks and comply with regulations on access control and data handling.

By centralizing and archiving all access events, UserLock can also offer detailed and accurate insights to support IT forensics, auditing, and regulatory compliance.

Raise user security awareness

Employees need to understand what security policies and procedures are, why they exist and what security measures are used on the network. Informed employees are an important line of defense.

UserLock supports IT’s efforts to communicate consistent and clear security policies and controls through its notification system. With UserLock, IT can choose to notify all users prior to granting access to a system with customized messages that increase user security awareness and educate about insider threats. This can also include warning users about any access denials on their account.

What’s more, messages about legal and contractual implications can discourage employees from committing cybercrime or lashing out at the organization for a perceived injustice.
