Technology has allowed us to work in new and different ways, and that is especially critical as many of us find ourselves working remotely in light of the COVID-19 pandemic. While it is positive that businesses can continue to operate in the current environment, this new reality heightens the need for sound online security practices, since these circumstances have also introduced new cybersecurity risks for firms and their clients. This means that advisors should be aware of new threats and may have to take extra steps to help keep client information safe and secure.
Understanding the Threats
Cyber criminals are using the heightened fear around COVID-19 as a way to create scams that appear legitimate and urgent—most notably, through phishing. The goal of phishing emails hasn’t changed. Unsuspecting victims are duped into clicking a link inside an email that directs them to a fake login page. Scammers often masquerade as an entity with which the victim may have a financial relationship (e.g., a bank, credit card company, brokerage company, or other financial services firm), and may ask victims to provide credentials like their username and password, email address and password, date of birth, and Social Security number.
Many of us are now inundated with news, social media posts and emails about COVID-19, and some scammers are using this as an opportunity to target individuals seeking information to protect themselves. Some examples of potential scams that advisors and their clients should be suspicious of include emails or communications:
- Claiming to be from a legitimate source with important information around COVID-19, such as the Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO)
- Asking readers to perform an “urgent” action or to open a document attached to the email
- Containing an enticing subject line, such as “New coronavirus cases in your area” or “Access to coronavirus vaccinations and home test kits”
- Asking for donations to charities in cash or by wiring money
- From online sellers claiming to have in-demand supplies, such as cleaning or medical supplies
Phishing techniques, which in the past had telltale signs, have become increasingly sophisticated. Attackers continue to improve the quality (and, in today’s case, the timeliness) of their messages, and they have also gotten better at replicating login pages and masking the actual URL. Spotting a phishing email can be even more difficult when reading it on a mobile device. Criminals also target mobile phone users through applications that appear to be related to COVID-19 or created by a legitimate source and that, when downloaded, give the criminals access to data.
With most, if not all, employees working remotely during this time, criminals may also be taking advantage of people who work from home and access client data over unsecured networks, such as public Wi-Fi. Firms should enable associates to make the best use of technology to conduct business securely, and it is now even more important to define a clear process so employees can access sensitive client data through secure networks and devices.
Educating Employees and Clients
Cybersecurity is constantly evolving. Advisors should consider ways to help combat the growing threat of security compromises by keeping employees up to date on procedures, as well as informed of new threats. Firms should not only educate employees on how to recognize suspicious emails but also provide a clear procedure for reporting them. These written procedures should include steps to take internally, as well as for use in any client communications. They should also include the after-hours escalation processes for any other financial institutions you work with.
In times of uncertainty, open communication with your clients is also critical. While advisors may be taking all the necessary steps to protect their firms from cyber fraud, they should consider developing an ongoing communications program to help clients better understand the ways they can protect themselves from cyber threats. And during times like these, when new risks are apparent, advisors should consider proactive phone outreach to clients they feel could benefit from this new information.
Cybersecurity is top of mind for many advisors and investors as they adapt to working in new ways and with new technologies. By making a plan to anticipate and respond to potential threats, advisors can stay a step ahead to help safeguard their firms and their clients.
David Canter is head of the RIA Segment for Fidelity Institutional.