Between a $2 trillion stimulus package and the desperation many Americans are feeling regarding job and economic instability, the atmosphere is ripe for cybercriminals to take advantage of unsuspecting individuals.
The Department of the Treasury Financial Sector Cyber Information Group (CIG) has reported an increase in phishing attempts, ransomware, and other malicious activity centered around the CARES Act (Coronavirus Aid, Relief, and Economic Security Act).
In addition, criminals may take advantage of staffing reductions related to COVID-19, along with increased remote work, to establish persistent access to financial networks for future espionage or disruption, causing harm even after the COVID-19 threat has passed.
Financial industry professionals can serve as a useful informational resource to proactively increase awareness of cyberattacks. At the same time, an issue like COVID-19 can be an excellent reminder to firms to ensure their own cybersecurity policies and procedures are in order.
Scams Financial Industry Professionals Should Be Aware Of
Cybercriminals are already hard at work looking for ways to exploit the relief being offered to support Americans through this unprecedented and troubling time.
Scammers are using multiple avenues to extract funds from their victims. Reported scam attempts range widely and include:
- False offers for medical treatments, vaccines, and at-home testing kits
- Fraudulent requests for charitable donations
- Demands for over-the-phone information that will allegedly be used to process a stimulus payment
- Fake surveys used to gather your personal or financial information
- Scams related to lending or mortgage programs
The goal of some of the scams may be to get money directly from consumers, while others focus on gaining access to personal or financial information in order to wreak further havoc.
How Financial Industry Professionals Can Protect Their Clients From Potential Fraud
Multiple government resources are available to educate clients about the potential for scams and to advise them on how to avoid being impacted. Some useful, and frequently updated, sites include:
- CISA (Cybersecurity and Infrastructure Security Agency): Security Tips and Defending Against COVID-19 Scams
- FTC (Federal Trade Commission): Blog and Avoid Coronavirus Scams
- FinCEN (Financial Crimes Enforcement Network): Coronavirus Updates
It can also be beneficial to remind clients about common security best practices, including:
- Never sharing personal or financial information over email
- Using strong, complex passwords, and not re-using passwords across multiple sites
- Checking in with their financial services professionals directly when they receive a questionable message, phone call or email
How To Help Clients If They Believe a Breach Has Occurred
If a client shares concerns regarding a potential breach of their cybersecurity, inform law enforcement as soon as possible.
- CISA: Email cisaservicedesk@cisa.dhs.gov or call 888-282-0870
- FBI: Connect with a local field office, or contact the FBI Cyber Division at CyWatch@fbi.gov or 855-292-3937
- Secret Service: Contact a local field office
Potential Items to Consider Regarding Organizational Security
As firms work to support clients during COVID-19, it can also be a good time to ensure the firm itself is protected and prepared from a cybersecurity perspective. When determining preparedness for cybersecurity issues, firms should have guidance in place to support their employees, customers, and partners/vendors, as well as to meet all applicable regulatory guidelines for their industry.
A cybersecurity policy should cover many areas, including:
- Guidelines on confidentiality and confidential data
- Protection for personally identifiable information (PII)
- Effective password management
- Scam/phishing/social engineering awareness and mitigation
- Management of physical hardware (computers, data storage, portable devices, etc.)
- Remote work policies and security standards
During this stressful time, the last thing any individual or organization wants to deal with is the stress and damage caused by scammers and fraudsters. If your company needs to craft a well-designed cybersecurity policy that will suit the needs of your firm during this period of uncertainty and beyond, Red Oak Compliance can provide support and consulting expertise.