Kim Albarella, VP, Risk and Security Advocacy at ADP, outlines the new challenges financial institutions are facing in this environment, as well as how managers can protect their organizations.
The global health event forced employees nationwide to leave the office and work from home. As this arrangement will likely continue for many, organizations must keep financial data security top of mind.
Kim Albarella, VP, Risk and Security Advocacy at ADP, outlines the new challenges of financial institutions in the new world of work, as well as how managers can protect their organizations.
Financial Data Awareness in the New World of Work
Protecting financial data was already one of the top priorities of the new decade before the impact of the global health event, as cybercriminals have been targeting this information more frequently.
"Not only are fraudsters trying to steal money through wire fraud and AP scams, they also understand the value of the financial data itself," says Albarella. "Cybercriminals are on the lookout for confidential information like IP, pricing strategies, contract details — basically anything that a competitor might be interested in paying for."
The global health event has not slowed criminals down, and in fact they may be ramping up their efforts. "We're seeing a big uptick in phishing and social engineering scams, where criminals try to trick employees into exposing data," says Albarella.
For example, criminals may pose as lenders and claim they are helping people access government stimulus programs to trick people into relaying their financial information.
To protect your business and employees from sophisticated scams, it's critical that employees are aware of what to look out for. Phishing emails and text messages may look like they're from a company, partner, vendor or client that they know or trust. They will often tell a story to trick them into clicking on a link or opening an attachment. Recent, frequent scams include notices that say they've noticed suspicious activity or log-in attempts, claim there's a problem with their account or payment information, say they must confirm some personal information, or include a fake invoice
As it relates specifically to COVID-19, there is an increase in financial scams that aim to steal money and those that aim to steal health and private information. For example, scammers may claim to get faster access to government loans and grants, especially for individuals and small businesses. Or they may try to sell fraudulent test kits and vaccines or pretend to be a contact tracer. Employees should be instructed not to respond to texts, emails or calls about checks from the government, ignore offers for vaccinations and home test kits, be wary of emails claiming to be from the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO), and thoroughly inspect charities before making a monetary donation.
Employee Safety Procedures
To protect employees from phishing scams, Albarella recommends frequent contact to point out any legitimate organizational changes. "Finance leaders should regularly remind employees about any new vendors and processes. Socialize the names so they can recognize what's legitimate versus what's not," she says.
Finance leaders should also warn employees about not improvising with technology, as they may be tempted to go without tech support or use unsanctioned applications. For example, if an online collaboration tool isn't working for a call, an employee might search for an unapproved alternative and unknowingly download a fraudulent version with a virus. Finance leaders should remind employees to follow the same procedures they would if they were at the office, which means working with only approved programs and contacting IT to solve tech problems.
On the technology side of things, finance leaders should require employees to use company-issued devices and corporate-approved accounts to handle their work, as these should have better security.
"Employees shouldn't use their personal webmail to send confidential information," says Albarella. "If an employee wouldn't text confidential information while in the office, they also shouldn't text that info while working at home."
To keep up with constantly evolving threats, employees should also download the latest patches and upgrades for their devices. If employees regularly work with confidential information, another way to enhance data security would be to use a VPN for extra encryption on their home Wi-Fi. Finally, employees who print confidential information should consider getting a shredder for their home office.
Albarella believes effectively communicating matters of data security to employees depends on getting a few key points across: "Watch out for mistakes, be aware of scams and follow the company security procedures." Finance leaders should think about how best to distribute this messaging based on their organization's culture. The guidelines might be delivered in a newsletter, an internet article, a training webinar or even an online organization-wide town hall.
For training, organizations should be willing to try new approaches to replace live sessions. For example, they could create a series of short video clips to customize the message specifically for their business. Albarella also suggests sharing real-life stories.
"Rather than just giving a generic lecture about data security, talk through a real-world example of how a company lost confidential information to the same problem," she says. This personal touch can help drive the point across.
Protecting data remains a pressing priority for financial institutions, and the impact of COVID-19 on business operations has created even more challenges to be aware of and prepared for. By taking the precautions detailed above, finance leaders can protect their clients, their business and their staff against rising security issues.
- Updated information for employers can be found here: ADP Employer Preparedness Toolkit — Coronavirus Disease (COVID-19)
- Get customizable email templates and in-depth information on direct deposit, recent legislation and other valuable topics in the COVID-19 Employee Communications Toolkit.