In mid-April, Google reported blocking over 240 million COVID-19-themed spam messages each day and 18 million malware and phishing emails. Check Point revealed an average 192,000 coronavirus-related cyber-attacks per week. And Kaspersky issued a report saying that 73% of 6,000 employees that responded to their researchers said they have not received any specific cybersecurity awareness guidance or training from their employer.
Given these astounding numbers, we thought it time to ask defi’s Michael Carter, director of cyber security, a few questions.
Q: Michael, why now? What about the current world, national, local situation is causing such an upswing in spam and cyber-attack activity?
A: Bottom line: there are always “bad guys” out there waiting for someone to slip up. Their attacks are better. They send smarter email messages. They add professional-looking logos and their language is more grammatically correct and less likely to draw suspicion. They’re hoping people are stressed or distracted by different processes or work from home situations and they’ll click on something they wouldn’t normally.
Q: What should a company do? What if a company hasn’t yet given employees training?
A: Obviously, it would’ve been better to have started earlier. But, “it’s never too late.” Awareness is a great first step in your protection. You could start by forwarding your employees a copy of this article and making them aware of current risks.
Also, there are a number of great training platforms out there offering security training for employees. KnowBe4 is an affordable solutions that is now offering an on-demand webinar for improving employee security during the pandemic.
At defi, all employees are enrolled in an annual program for security and regulatory compliance. They take several courses at the virtual defi CAMPUS that explain in detail the various types phishing, smishing, vishing, whaling, as well as CEO fraud and other types of attempts to collect data and information. These programs also address physical security, badging protocols, use of strong passwords, need for encrypted emails, and more.
One employee reported that just after taking a training class she received an email in her personal email account from her bank, or so she thought. She clicked on a link to look into an offer the bank was promoting but hesitated when the logo on the web page she was connected to looked a bit “grainy.” And when she ignored that red flag and attempted to log in, her smart phone didn’t recognize the site and didn’t automatically enter her password. Then she caught on and deleted the suspicious email as advised in her training.
In a business setting, if you see something that causes suspicion, send it to your security team. And if you don’t have a security team, send it to IT or let them know you received something suspicious, provide who it’s from and just delete it.
Q: Can you talk a little about what defi did recently to ramp up security for the COVID-19 situation?
A: The last thing a security person wants to do is talk about the specifics of their security protocol. However, I think it’s sufficient to say that as a Software-as-a-Service provider in the financial services industry, we were already ramped up. We were using the latest security tools and monitoring systems. We had a Pandemic Plan in place with plans for work from home and business continuity activities working seamlessly. We had a predefined Pandemic Task Force comprised of leaders from within each area of the business that began meeting early on and reporting to the Executive Leadership Team.
A majority of our employees were already using company-owned mobile phones and laptops and could immediately begin working from home. Our IT team worked quickly to provision more laptops and get them out to the team members that needed them.
Q: Anything you wish you’d done differently?
A: One of the absolute best things any team can do after an event of this sort is evaluate processes and learn how to do things better. We’ll do that…when the time is right.
defi SOLUTIONS provides configurable loan origination systems, loan management and servicing, analytics and reporting, and a wide range of technology-enabled BPO services. If you’re struggling with the limitations of your current lending technology solutions, take the first step in realizing the benefits of modern technology. Contact our team today or register for a demo.