The Covid-19 pandemic has wrought huge changes in work patterns, as employees and customers operate remotely. But how do you manage risk effectively while ensuring business continuity, controlled costs and regulatory compliance? In the first in a new series of video discussions with Microsoft, we hear how two companies partnered to rise to the challenge.
(Sponsored by Microsoft)
The lockdowns implemented across the world in March suddenly meant millions of people were working from home, throwing up huge challenges for ensuring work can be done and business carried out without compromising on cyber security and data protection.
In a video discussion (see above), Jim Eckart, Chief Security Advisor at Microsoft, is joined by his colleague Brian Armstrong, General Manager, Enterprise Risk Management and Edward Contreras, Chief Information Security Officer and Executive Vice President at Frost Bank, to discuss how they have responded to the crisis.
“We really had three primary principles” says Eckart. “The first is life safety. Before we make any decisions, we look at what the life safety situation is, whether that’s during an earthquake, pandemic or any other scenario. The second is customer impact. What do we need to do to ensure that our customers won’t be impacted by what happens with whatever scenario that we’re experiencing?
“And the third is employee experience or employee impact. What do we need to do to support our employees in fulfilling their work responsibilities, knowing that our scenario may also be impacting their personal and family lives as well?”
Eckart says it is then a case of applying the three principles globally, taking into account worst case scenarios and local regulatory requirements.
Armstrong adds that constant communication between his enterprise risk management team, the board and audit and compliance teams has been key, with much more frequent monthly risk cycle updates.
For Frost Bank, the 152-year-old institution’s business was largely based on personal, face-to-face contact, meaning it had particular challenges when dealing with the pandemic. Contreras says: “The bank had to understand transformation and understand it very quickly.”
The bank realised that the need to introduce new technology was likely to throw up challenges. “We have to take into account that we have investment advisors, that we have wealth management that we have treasury and each one of them has a set of compliance and regulations that we have to adhere to.” Contreras says the board and executives were all talking about compliance and the need to be flexible and to achieve this they shifted to a centralised system through Microsoft Compliance Manager.
He says: “We realised pretty quickly the old way would not work, we went to this collaboration forum, we started using Microsoft Teams, and people were joining in and saying how many loans can we truly deliver today? and knowing that we service a region, and that that region is fully dependent on access to this money, nothing could be the same as it was prior to COVID.
“And so digitally signing, uploading documents into a platform, validating that the data is correct, it really took us to say, ‘what controls do we have in place to help protect a very intense business service that we’re now offering that we didn’t really do in the past?”
“And the results of it were pretty astounding, she knew that we found out that we were able to close, almost 3000 loans in the first day of actually executed on this new platform.
Eckhart says some of Microsoft’s customers have had to reassess risk assessments for supply chain impacts, cybersecurity for remote working, and work on cost optimisation decisions that account for risk and impact.
Contreras puts Frost Bank in this category, saying it looked at the “total cost of ownership” and how they preserve their finances for when they need them.
He said “We need to have secondary and tertiary and even more types of controls at our disposal, not point-in-time solutions. When we started rolling out our products, we realised that there are ways we can reclaim other licenses, that there are ways to lower them on a cost by doing them in a more strategic manner.”
“It has to be compliant to security by design, we don’t have time to wait around and say ‘let’s get something operational and then worry about these things later on’.
“It was really, ‘let’s design it right from the beginning’. And when we did that, we found that, because we did it that way, we can actually turn on more capabilities in the platform without having to go back to the checklist of ‘is it compliant? Is it secure? Are we meeting our privacy mandates?”
See the full 44-minute discussion above
The largest data protection, privacy and security event of 2020, now available on-demand!
Featuring four whole days of keynote sessions, panel debates, and an opportunity to network and chew over all things data-related through discussions in public boards and virtual booths, PrivSec Global is now available to watch on-demand.
You can access the content from all four days, by registering for access to our PrivSec Global platform below.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.