During tumultuous times, cyber criminals see a window

News of the FDIC’s backstop plan to cover depositors at Silicon Valley Bank (SVB) and Signature Bank provided a measure of relief for banking clients following bank runs late last week and the closure of both financial institutions. While the full impact of these events remains to be seen, we know that tumultuous times call for a heightened focus on security.

The next few weeks are critical

Hackers opportunistically time attacks to take advantage of high-profile events that create uncertainty or expose vulnerability, which is why we often see increased cybercrime during times of economic and political instability or following a natural disaster. During the pandemic, phishing and wire fraud incidents rose by 220% as cyber criminals capitalized on global turmoil, compounded by new security vulnerabilities created by a remote workforce.

We expect to see a similar increase in security incidents as the rapid implosion of two financial institutions continues to play out – likely with ripple effects. Now is the time to shore up your cybersecurity defenses.

Three simple ways to mitigate your risk for cyberattack

Employees are always your first line of defense against an attack, as criminals continue to gain entry to systems through phishing and social engineering attacks and by exploiting weak passwords. During times of increased risk, focusing on the basics can go a long way in preventing or detecting an attack:

  • Communicate urgency. Convey to employees the increased threat level and the importance of vigilance to help deter attacks. Clarify your policies for reporting suspicious activity to ensure your security team can take quick action on any attempted attack. 
  • Share tactical tips. End users need practical advice to guide them on spotting and preventing phishing and other forms of social engineering, including the types of common scams to look out for.
  • Tighten email policies. Be prepared to quickly quarantine or pull suspected phishing emails from inboxes. Disable automatic forwarding rules or set up alerts.

Focus on vulnerabilities related to financial accounts and transactions

With new account openings, changes to vendor wiring instructions and large financial transfers resulting from the recent bank closures, you also need to be prepared for an increase in security challenges specifically related to financial transactions. These challenges require additional security measures:

  • Limit access to financial accounts. Quickly review user access and authorization rights for key financial systems, removing unnecessary access wherever possible.
  • Enable MFA. There should be no exceptions for multi-factor authentication (MFA) on all financial systems, for all users. This includes all access to bank accounts, as well as account access for those managing backend financial systems for payroll, receivables and payables.
  • Require known-person verification. Any changes to financial accounts, as well as all wire transfers, including payables and payroll, should be conducted only with individuals whose identity is verified. Use contact information from official websites – not email signatures – to confirm identity. Verify voice, role and image prior to making changes.

We encourage you to reach out to our team using the Contact Us form if we can help by performing pen testing, validating your security program, or providing a brief security training for portfolio companies.