
May 07, 2020

Financial Institutions and the Work From Home Movement


By Robert Capps, VP of Market Innovation at NuData Security, A Mastercard company

How are financial institutions handling the COVID-19 induced work from home movement?

Now, more than ever, it is critical for organizations to investigate and mitigate fraudulent activity by taking prompt and appropriate action. To stay protected against large-scale fraud, organizations should heighten their fraud prevention, monitoring and response operations, in line with the notable increase in cyberattacks since the start of the COVID-19 pandemic from fraudsters capitalizing on system vulnerabilities and changes in the new working environment.

So how is the financial sector adapting to working from home?

Ensuring financial institutions' data is protected

Most organizations are using Virtual Private Networking (VPN) technology to protect their employees' access from their work-issued PC to corporate networks and data, and are forcing all internet access from work-issued devices through these secure connections. With all access flowing through corporate systems, traditional corporate security controls can be managed effectively: Data Loss Prevention (DLP), anti-virus and anti-malware software, along with behavioral analytics and anomaly detection to identify potential security risks as soon as they appear. If these technologies are in place, most threats against end users can be mitigated regardless of how they are connecting to the internet.

This task is no small undertaking. Many Information Security (InfoSec) teams are also working from home and collaborating virtually instead of in person. But experienced InfoSec teams are well-versed in responding to incidents in less than ideal situations.

Cybersecurity hygiene

Cybersecurity best practices have not really changed in the times of COVID-19. Most attacks against consumers can be mitigated by maintaining their computing devices, keeping them up to date with security patches, and by using security software. Corporate users can generally rely on their Information Technology (IT) and InfoSec teams to maintain their devices for them; however, personal devices connected to their home network could present a risk. Manage and protect your login information, use unique strong passwords for each site you connect to, and do not provide passwords to any website that cannot be verified as legitimate.

Hackers are not on hiatus, so be vigilant. Phishing attacks are on the rise because cybercriminals are exploiting the public's desire for COVID-19 news by sending malicious emails that purport to come from legitimate sources. Employees should be cautious about clicking on links or attachments in emails. Employers can ensure email authentication schemes are implemented to help prevent email spoofing, a technique commonly used in phishing attacks. Remind employees to think before they act. Take a moment and verify before you click a link, open an attachment, log in to an app or website, or provide personal information.

8 best practices for financial employees working from home:

  1. Ensure systems are patched with the most up-to-date software versions. Cyber actors are constantly scanning the internet for websites using end-of-life or outdated versions of software. By ensuring systems are fully patched, companies can help prevent attackers from exploiting known vulnerabilities.
  2. Apply strong passwords and remote connection policies for all employees, especially those connecting remotely. Access to administration interfaces should be protected with two-factor authentication, such as trusted IP addresses or a one-time passcode.
  3. Verify that you are connecting to a secure site. Does the address start with https:// and does the browser show a lock icon?
  4. When you are about to submit your personal or financial details to a website, think about how you got here. Did you type the URL in for the website in question, or did you click on a link? Always use a well-known URL, a bookmark, or a reputable search engine to locate the correct address.
  5. Confirm you were expecting an attachment from the person who sent it. If not, it is best to reach out to them and verify their legitimacy.
  6. If the message is urging you to take immediate action and transfer money or provide information under the threat of consequences, take a step back and confirm the request directly with the requesting person or agency, through well-known contact information. Do not just reply to the request.
  7. If you receive a call from someone who says they are calling from a financial institution, government agency, or law enforcement organization, asking for personal information or money, do not provide personal information over the phone. Find the agency's website and contact information and call them directly. Legitimate requestors will understand that you need to verify the request. If you are pressured to act now, it is unlikely to be a legitimate request.
  8. Beware of email scams, online ads, or other promotions offering financial aid or offering to sell items that are in demand but in short supply. These are often scams. Only interact with reputable and verifiable organizations.

Think twice before you click on what could be a bait-like headline, ad, or email promising products or information that your regular trusted sources do not have. At the same time, we are working with our clients to prevent unusual and suspicious behavior that arises within their traffic during these times to mitigate emerging attacks.

For any inquiries related to scams and COVID-19, please email verifygoodusers@nudatasecurity.com to speak to one of our experts.