Posted by Brian Monroe - bmonroe@acfcs.org 03/31/2020
ACFCS Cryptocrime Workshop Takeaways Day Two: With crypto value surge, pandemic scams, ransomware attacks, more banks, exchanges reporting on aberrant activity
The skinny:
- The coronavirus pandemic has complicated financial crime compliance in a bevy of areas, including countering cyber-fraud and a related surge in hack attacks.
- A recent infographic released by the United Kingdom’s chief cyber defense agency could help.
- It was designed specifically for small companies, including banks, to strengthen virtual vaults quickly and cost-effectively.
- Interestingly, there are also some parallels between preparing, responding and recovering from a cyber attack in the digital world to the efforts authorities are using now to overcome the COVID-19 pandemic.
- These would include preparing for specific worst case scenarios, ensuring adequate recovery and backups are available and restricting access for users that could be infected or hackers trying to deliver their viral payload.
As countries engage an array of tactics to counter the COVID-19 global pandemic, including restricting the movement of those infected, and those who are still healthy, through lockdowns, and engaging in key preparation, resilience and recovery efforts, there are also parallels with bolstering security in the cyber world, according to a U.K. government agency.
The coronavirus pandemic has complicated financial crime compliance in a bevy of areas, from sapping and scattering resources to a surge in cyber-fraud and hack attacks as criminals and dark net denizens attempt to take advantage of weakened counter-crime defenses.
While some large corporations and financial institutions may have the funds and resources to weather the storm – and have prepared advanced cyber resilience, response and recovery efforts – smaller operations may be crushed.
They face a double-bladed attack, both from the economic downturn and the potential of a worker accidentally mistaking an email about the pandemic or incoming stimulus checks and clicking on a diseased link that spreads a virtual virus or locks a system with a ransomware strain — a ransom that likely can’t even be paid.
A recent infographic released by the United Kingdom’s chief cyber defense agency could help.
The U.K. National Cyber Security Centre (NCSC) has released a guide designed specifically for small companies, including banks, to strengthen digital entry points quickly and cost-effectively.
To view the full “Response & Recovery” Small Business Guide, and other resources to gird systems and hardware, click here.
Interestingly, there are also some parallels between preparing, responding and recovering from a cyberattack in the digital world to the efforts authorities are using now to overcome the COVID-19 pandemic.
These would include preparing for specific worst-case scenarios, ensuring adequate recovery and backups are available and restricting access for users that could be infected or hackers trying to deliver their viral payload.
Here are some tips to consider going on in the real world to better secure the digital realm:
- Lockdowns: Just as individuals, healthy and not, are restricted from moving certain places and gathering in groups to prevent the spread of the coronavirus, companies should consider similar tactics to prevent online infections.
Institutions should consider restricting access, such as certain administrator rights and privileges, to only a select few in the company. That way, if someone accidentally clicks on a virus that gives hackers access, they can only steal some data and not crash a firm’s entire front and back end systems.
- Social distancing: In the real world, social distancing, in essence, staying six feet away from others at all times, is recommended to prevent droplets from an infected individual from getting from one person to another.
In the digital world, corporates and financial institutions must realize that spammers and scammers have created numerous fake sites tied to the pandemic seemingly offering information, resources and even the ability to order in-demand personal protective equipment (PPE).
As a result, banks should warn their teams, and customers, not to visit or click on sites that are not well known or reputable and ask for personal information or, rather than listing the information in an easy to read format, constantly requests visitors to “click on this link to learn more!”
- Staying home: Back in the tangible world, with so much misery, sickness and death caused by the coronavirus, you likely feel a deep desire to help.
You want to leave your home and do something: give blood, help an old lady, go on a reconnaissance mission for toilet paper and other scarce paper products and, once acquired, hand them out to neighborhood families, feted like a conquering champion. Regale in your conquest, Conan the Plumberian.
But don’t. Just, don’t. All the experts agree, the more that you can “shelter in place,” and stay home, trying not to go out at all, the less the virus has a chance to create a new anchor point and hot zone.
Related to cybersecurity, that’s not a bad strategy as well — particularly now because so many people are working from home. Right now, you might be on your company laptop, but you are most likely on your own personal wi-fi.
You are not protected behind the layers of corporate digital defenses and plugged in to a hardline. In tandem, have you ever even changed your wi-fi password since you got it? Is it still set to username: admin and password: admin?
Being that right now you are your own physical and digital shelter, you should review your own cyber vulnerabilities and change and update passwords to make them as strong as possible.
Don’t stray far from the sites you are used to visiting and don’t click on any links in emails you are not expecting related to funds coming to you due to the virus or tied to the incoming stimulus checks. Because those are likely scam and spam emails trying to get into your wallet.
For the ultimate home virtual vault: Try backing up your computer on an external hard drive that is not connected to the Internet, and in fact doesn’t even have wi-fi capabilities, and physically separate the unit into an air-gapped separate space. Shelter in place, indeed.