Cyber security under quarantine: Bank of Russia recommendations
The most immediate task for the banks is to prevent disruption of remittances, procedures for opening and maintaining individual and corporate bank accounts, and ATM cash withdrawals. To mitigate business continuity risks, the Bank of Russia developed recommendations, addressed to financial institutions, on how to arrange the workflow both for remote and office employees amid the coronavirus outbreak.
It is recommended that operations which are not related to opening and maintaining bank accounts and which do not impact transactions’ continuity should be carried out via mobile access. If that is the case, the Bank of Russia encourages financial institutions to use VPN and multi-factor authentication; supervise and control the actions of mobile users; and implement a range of other measures.
According to the recommendations, specific organisational and technological measures to ensure cyber security of remote work are provided in the national standard for banking and financial operations’ security.
The Bank of Russia also emphasises the importance of prompt information exchange between financial institutions and the regulator through the Financial Sector Computer Emergency Response Team’s Automated Incident Management System (FinCERT AIMS) in line with Bank of Russia regulations.