Staying Focused on Cybersecurity and Fraud Prevention
The tremendous uncertainty triggered by the pandemic has offered many opportunities to would-be cyber criminals. With this in mind, we are actively supporting our clients through our own learnings from past experiences and through the current and unfolding crisis.
After the initial shock of the COVID-19 crisis, we have observed tentative but encouraging signs. Governments have put into place extraordinary measures to support their economies and companies have triggered their business continuity plans. The financial system has also proven resilient in the face of unprecedented volatility.
However, as companies have transitioned a majority of their operations and staff into remote and virtual-first terrain, this has also opened the door for bad actors. Would-be cyber criminals are looking to exploit telework situations, gaps in remote authentication and other vulnerabilities as entry points into companies' payment systems and flows.
In addition, the tremendous uncertainty triggered by the pandemic has offered these bad actors an additional tool in an already sophisticated toolbox that includes email spoofing, phishing and social engineering tactics directly targeting employees.
Since the start of the year, the number of registered domains featuring COVID-19 has spiked by over 750% — an indicator that attackers have begun to operationalize the pandemic itself as a cyberattack vector.
With this in mind, we are actively supporting our clients through our own learnings from past experiences and through the current and unfolding crisis.
To combat immediate risks around cybersecurity and fraud, we suggest focusing on five key priorities:
1. Enable safe remote working
Remind employees of cybersecurity best practices when working remotely, such as securing home Wi-Fi networks, only using company approved communications tools, never sending work documents to personal email accounts, and keeping personal device operating systems and applications
up-to-date with the latest versions.
2. Maintain awareness of surroundings
Remind employees to not conduct business over public Wi-Fi.
3. Follow established procedures
Ensure all staff are aware of organizational procedures for authenticating callers, reporting suspicious activity and approving changes to account details or transactions, and that they are generally familiar with all procedures necessary for maintaining effective controls that protect your organization.
4. Ensure knowledge of response plans
Fully socialize plans and playbooks for how to escalate potential privacy incidents and ensure clear channels for staff to alert leadership of any emerging business disruption.
5. Test business continuity planning
Conduct regular resiliency tests and exercises to build increased preparedness among staff and ensure technology can effectively support contingency situations.
Be bold. Challenge yourself. Challenge your bank partners.
In these uncertain times, we thank you again for your continued trust in J.P. Morgan. Please contact your J.P. Morgan representative for further information.
How Treasury and Payments can Lead in a Dynamic Environment
Enjoyed this article? Listen to our full webcast on this topic with subject experts from across J.P. Morgan discussing real-life examples. Registration is required.
Listen to our other webcast replays:
How do you ensure sufficient liquidity and access to it? How do you direct liquidity to the right place, at the right time and in the right currency?
How has the triggering of business contingency plans impacted treasury, business and operations as staff shift to back-up or remote locations?
What are the strategic challenges triggered by COVID-19 and what are the implications for treasury? Hear real-life case studies about how you can deploy digital capabilities to turn crisis into further opportunity.
What are the working capital pressures in the current environment? What are the best practices to consider in payables, receivables and inventory management and financing?
Registration is required for all webcasts.