At the beginning of the COVID-19 pandemic, businesses scrambled to rapidly deploy a remote workforce which created new challenges for businesses and financial institutions to continue operating and providing critical services. It also created an opportunity for malicious actors to hack into and gain access to IT systems and sensitive, personal information.
New research from VMware reveals a significant increase in cyberattacks experienced by financial institutions and banks between February and April of this year. VMware data indicates that close to a third of all cyberattacks target either banks or the healthcare sector. While some states are rescinding their stay at home orders, some companies are still erring on the side of caution by continuing to work remotely or have made the decision to work remotely indefinitely such as Twitter. As a result of the uncertain future of COVID-19, a lot of businesses will continue to work remotely and those that collect and manage financial information, including processing of payment card information, will need to assess any cybersecurity vulnerabilities, implement safeguards to protect financial information and educate and train its workforce. In response to COVID-19, many U.S. federal and state governmental agencies have issued helpful guidance for businesses to help prevent and mitigate cybersecurity incidents.
The Financial Crimes Enforcement Network (FinCEN) has issued several advisories for financial institutions to remain alert regarding malicious or fraudulent transactions. In one advisory issued on March 16, 2020, FinCEN noted that it's seeing several trends on potential illicit behavior connected to COVID-19. The most popular trend is imposter scams with bad actors trying to capitalize on individual's vulnerabilities during this pandemic by attempting to solicit donations, steal personal information, or distribute malware by impersonating government agencies (e.g., Centers for Disease Control and Prevention (CDC)), international organizations (e.g., World Health Organization (WHO). The Federal Bureau of Investigation (FBI) has reported that criminals are using fake emails that pretend to be from the CDC, ask for charitable contributions, or offer COVID-19 relief such as government checks in an effort steal personal information. The U.S. Securities and Exchange Commission (SEC) urged investors to be wary of COVID-19-related investment scams, such as promotions that falsely claim that the products or services of publicly traded companies can prevent, detect, or cure coronavirus.
The New York Department of Financial Services (NYDFS) has been proactive in responding to COVID-19 issues and released guidance on April 13 alerting covered entities to the significant increase of cyber incidents during COVID-19. The NYDFS requires all banks, insurance companies, and other financial services institutions and licensees regulated by DFS to have a robust cybersecurity program in place that is designed to protect consumers' private data, among other requirements. For regulated financial entities that must file with the NYDFS, the deadline for Certification of Compliance for calendar year 2019 had been extended from its original deadline of April 15, 2020 to June 1, 2020.
Read more as Ashley Thomas addresses three heightened risks remote workers should be aware of during COVID-19 and safeguards businesses should have in place regarding their data storage. Law.com subscription required.