Kim Albarella, Senior Director of Security Advocacy at ADP, outlines the new challenges financial institutions are facing in this environment, as well as how managers can protect their organizations.
The COVID-19 global health event has forced employees nationwide to leave the office and work from home. During this unusual period, organizations cannot let their guard down when it comes to financial data security.
Kim Albarella, Senior Director of Security Advocacy at ADP, outlines the new challenges of financial institutions in this environment, as well as how managers can protect their organizations.
Financial Data Concerns During COVID-19
Protecting financial data was already one of the top concerns of the new decade before COVID-19 arrived, as cybercriminals have been targeting this information more frequently.
"Not only are they trying to steal money through wire fraud and AP scams, they also understand the value of the financial data itself," says Albarella. "Fraudsters are on the lookout for confidential information — basically anything that a competitor might be interested in paying for."
The current environment has not slowed criminals down, and in fact they may be ramping up their efforts. "We're seeing an uptick in phishing and social engineering scams, where criminals try to trick employees into exposing data," says Albarella.
For example, criminals may pose as lenders and claim they are helping people access government stimulus programs to trick people into relaying their financial information.
Employee Safety Procedures
To protect employees from phishing scams, Albarella recommends frequent contact to point out any legitimate organizational changes. "Leaders should regularly remind employees about any new vendors and processes. Socialize the names so they can recognize what's legitimate versus what's not," she says.
Leaders should also warn employees about not improvising with technology, as they may be tempted to go without tech support or use unsanctioned applications. For example, if an online collaboration tool isn't working for a call, an employee might search for an unapproved alternative and unknowingly download a fraudulent version with a virus. Leaders should remind employees to follow the same procedures they would if they were at the office, which means working with only approved programs and contacting IT to solve tech problems.
On the technology side of things, leaders should require employees to use company-issued devices and corporate-approved accounts to handle their work, as these should have better security.
"Employees shouldn't use their personal webmail to send confidential information," says Albarella. "If an employee wouldn't text confidential information while in the office, they also shouldn't text that info while working at home." Most companies have strict policies and protocols addressing proper use of confidential information.
To keep up with constantly evolving threats, employees should also download the latest patches and upgrades for their devices. If employees regularly work with confidential information, another way to enhance data security would be to use a VPN for extra encryption on their home Wi-Fi. Finally, employees who print confidential information at home should follow company policy and consider getting a shredder for their home office.
Albarella believes effectively communicating matters of data security to employees depends on getting a few key points across: "Watch out for mistakes, be aware of scams and follow the company security procedures." Finance leaders should think about how best to distribute this messaging based on their organization's culture. The guidelines might be delivered in a newsletter, an internet article, a posting on your organization's internal portal, a training webinar or even an online organization-wide town hall.
For training, organizations should be willing to try new approaches to replace live sessions. For example, they could create a series of short video clips to customize the message specifically for their business. Albarella also suggests sharing real-life stories.
"Rather than just giving a generic lecture about data security, talk about a recent example of the same problem," she says. This personal touch can help drive the point across.
Protecting data remains a pressing challenge for financial institutions, and the COVID-19 event has created even more risks. By taking the precautions detailed above, finance leaders can protect their clients, their business and their staff against rising security issues.
- Updated information for employers can be found here: ADP Employer Preparedness Toolkit — Coronavirus Disease (COVID-19)
- Get customizable email templates and in-depth information on direct deposit, recent legislation and other valuable topics in the COVID-19 Employee Communications Toolkit.
SIGN UP FOR THE SPARK NEWSLETTER