CARES Act-Related Cybercrime Is Increasing— Protect Your Organization

CARES Act-Related Cybercrime Is Increasing— Protect Your Organization

The ideal climate for cybercrime—fear, urgency, confusion, and the atypical circulation of enormous sums of money—has manifested. The Coronavirus Aid, Relief, and Economic Security (CARES) Act is the largest relief package in US history: a $2.2 trillion relief package promising financial aid for US individuals and businesses affected by the economic devastation of COVID-19 and associated social distancing measures. If $2.2 trillion isn’t enough to think about, follow-up legislation will put additional hundreds of billions of dollars into the system.

Of course, the financial services sector will serve an instrumental role in distributing these funds to US citizens, businesses, and organizations. Tremendous sums of money, uncertainty, and a lack of clarity as to how the programs work are altogether attracting both cybercriminals looking to commit fraud as well as potential adversaries seeking to disrupt the effective distribution of these funds. Essentially, all government organizations and related organizations—the FBI, the US Secret Service, the Financial Sector Cyber Information Group (housed within the Department of the Treasury), the Cybersecurity and Infrastructure Security Agency (part of the Department of Homeland Security), and many others—are warning financial services organizations and the public at large.

Given the extensive cybercrime relating to the environment created by the pandemic, we recommend that financial institutions review their cybersecurity posture and institute the most up-to-date cybersecurity measures to protect critical financial systems and customers from any associated cyber threats. But what should you be on the lookout for?

Scams targeting your employees

Financial services organizations need to be alert for scams targeting individual employees attempting to breach your organization’s security systems. Just a few example tactics include the following:

  • Fraudulent messages offering information or updates relating to CARES Act loan and grant programs
  • Official-looking text messages claiming that a COVID-19 test is mandatory to receive a stimulus check
  • Fraudulent emails allegedly from the Centers for Disease Control and Prevention or the World Health Organization, including malicious links or attachments with malicious macro code or information-stealing malware
  • Phishing emails claiming to be from the IRS or other government agencies offering important information
  • Requests for donations from fraudulent charitable organizations
  • Social media messages asking for verification of personal information

Reduce damage through employee training and communications

  • Regularly share with your employees the phishing emails and scams that are circulating so they can be on the lookout.
  • Train team members to be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information, and teach to them to verify the identities of unknown people or organizations and their roles or relationships with your company.
  • Teach employees not to provide personal information or information about your organization, including its structure or networks.
  • Train employees not to send sensitive information over the internet before checking a website’s security.
  • Teach employees to look for URLs that begin with “https” and look for a closed padlock icon.
  • Implore employees to notify your company’s IT or security team right away if they receive suspicious communications, and make sure they know exactly how to share the information.

 

Attacks targeting your network

Another significant area of vulnerability that financial services organizations must address are the increased cybersecurity exposures created by so many employees working remotely. While attacks on your technology infrastructure are not necessarily specific to the CARES Act or other aspects of the COVID-19 pandemic, the IT infrastructures and corresponding security are strained given the rapid changes we have all had to make. The following are some measures you can take to maintain cybersecurity standards.

Protect your networkSIlverSky Email Protection Sui

  • Update VPNs, network infrastructure devices, and devices being used to facilitate remote working with the latest software patches and security configurations.
  • Given the increase in personnel working from home, ensure that your IT personnel and any third-party security partners are being even more vigilant to detect attacks early and remediate effectively.
  • Implement multi-factor authentication (MFA) on all VPN connections to increase security; if MFA is not implemented, require teleworkers to use strong passwords.
  • Consider mobile device management so that if an employee loses a device or the device is stolen, it you can remotely wipe the device of sensitive information.
  • Unified communications can be used to lessen the risks of file sharing over remote devices; for instance, employees can securely exchange and collaborate on sensitive documents via SharePoint, eliminating the need to store documents locally on a remote computer or device.
  • Host your email or Office 365 in an off-site location that is fully redundant and regulated, coupled with email protection services help to lessen viruses, targeted attacks, social engineering attacks, and accidental or malicious data loss from insiders.

These are overwhelming times that are severely straining the IT and security resources of many organizations. If you need help, SilverSky is here for you. Don’t hesitate to reach out to us at 1-800-234-2175 or learn@silversky.com.

Kyle Benson Editor
Product Marketing Manager , SilverSky

Customer-focused product marketing manager driven to make complex cybersecurity technologies easy to understand and easy to value.

follow me

Previous

Next

Managed Detection & Response

Comprehensive solutions to detect, prioritize, and address security incidents.

Managed Security Services

24 X 7 X 365 monitoring, management, and system maintenance.

Email Protection Suite

Monitor and manage your email environment with advanced email security and compliance protections.

Cloud Email & Collaboration

Cloud office productivity enhanced with proven security and compliance protection.

How does SilverSky's integrated stack of solutions meet your needs?

Kyle Benson Editor
Product Marketing Manager , SilverSky

Customer-focused product marketing manager driven to make complex cybersecurity technologies easy to understand and easy to value.

follow me

Compliance & Risk Services

Assess your program and controls, benchmark and identify areas for improvement. Develop your security roadmap for investment and improvements. Effectively measure ROI and impact on your security posture

Incident Response Readiness

Incident Response Plan Development / Review. Incident Response Readiness Review. Emergency Incident Response.

Discuss your compliance, risk management and incident response readiness needs.

Schedule Free 1-on-1 Consultation

Kyle Benson Editor
Product Marketing Manager , SilverSky

Customer-focused product marketing manager driven to make complex cybersecurity technologies easy to understand and easy to value.

follow me

Financial Services

1,500+ small & mid-sized financial institutions rely on SilverSky to meet and exceed FFEIC, GLBA and PCI DSS requirements and overall cybersecurity needs.

Healthcare

Hundreds of small & mid-sized healthcare organizations rely on SilverSky to address HIPAA and other regulatory requirements and serve overall cybersecurity needs.

Retail

Small and mid-sized retail organizations count on SilverSky to maintain PCI DSS requirements, secure customer data and reduce cybersecurity threats.

How Exposed Are You?

Take the test to see how your security program compares with other businesses like yours.

Kyle Benson Editor
Product Marketing Manager , SilverSky

Customer-focused product marketing manager driven to make complex cybersecurity technologies easy to understand and easy to value.

follow me

Resources

White papers, guides, tools, on-demand webinars, case studies and more. Explore a range of topics. 

Events

Blog

Product Sheets

SilverSky product and services information at your fingertips. Product data sheets, compliance matrixes, & brochures.

How Exposed Are You?

Take the test to see how your security program compares with other businesses like yours.

Kyle Benson Editor
Product Marketing Manager , SilverSky

Customer-focused product marketing manager driven to make complex cybersecurity technologies easy to understand and easy to value.

follow me

Kyle Benson Editor
Product Marketing Manager , SilverSky

Customer-focused product marketing manager driven to make complex cybersecurity technologies easy to understand and easy to value.

follow me

Become A Partner

Partner with SilverSky to tap into the approaching $300 billion+ cybersecurity market.

Talk to one of our partner managers and consider expanding your cybersecurity offerings.

Schedule Partner Exploration Discussion

Kyle Benson Editor
Product Marketing Manager , SilverSky

Customer-focused product marketing manager driven to make complex cybersecurity technologies easy to understand and easy to value.

follow me