Security Issues In the AC – After Corona

Financial advisors have a complex web of security issues to consider on a calm day. Has coronavirus made that more complicated? Maybe. Here are a few key issues to consider when reviewing your security plans while we continue to work from home at least part of the time.

One of the key topics that seems to have been most disruptive at the start of folks working from home is Zoombombing. What is it? ““Zoombombing” is when an uninvited person joins a Zoom meeting. This is usually done in an attempt to gain a few cheap laughs at the expense of the participants. Zoombombers often hurl racial slurs or profanity, or share pornography and other offensive imagery.”[1]
‍

Zoom provides the following tips for “keeping uninvited guests out of your Zoom event.”[2] They include, Avoid using your Personal Meeting ID (PMI) to host public events. Your PMI is basically one continuous meeting and you don’t want randos crashing your personal virtual space after the party’s over. Learn about meeting IDs and how to generate a random meeting. Familiarize yourself with Zoom’s settings and features so you understand how to protect your virtual space when you need to. For example, the Waiting Room is an unbelievably helpful feature for hosts to control who comes and goes.”
‍

Worse, and more private, than a Zoombomb are invasive phishing scams. Experts in the cyberarm of the UK Government Communications Headquarters “have spotted a range of scams and cyber threats that look to take advantage of COVID-19 for their own malicious ends. Attacks include phishing attacks, credential theft, bitcoin and financial fraud, ransomware campaigns and more.”[3]  Security firms, like Zscaler, have found “hacking threats on systems it monitors have increased 15% a month since the beginning of the year, and so far in March they've jumped 20%. The company can see what sort of attacks come through on the networks of its business customers. A growing category of hacks lure victims with the promise of information or protection from COVID-19….”[4]
‍

In fact, Zoom may be the subject of some of those phishing scams.  New phishing scam emails target the tools used by remote workers, “including fake requests to reset virtual private network (VPN) accounts, Zoom video conferencing accounts with faked sign-in pages, or accepting an incoming “chat” request from colleagues on supposedly corporate messaging systems.” Experts note that while scam emails often spoof  a corporate colleague’s email address, that rate has drastically increased – from about 12 to 60%. [5]
‍

Advisors should be aware of these threats not only to their own systems but also to their clients. Additionally, Advisors may need to consider that their clients may be on high alert about these scams as well. As we said back in December of 2017,[6] the best way to make sure your communications don’t trigger the same alarms as scam ones “may be what you are already doing. Many consumer protection advocates urge consumers to verify that a financial advisor is licensed, so ensuring that your communications always indicate your licensing is vital. Cold Calls and Telephone scams continue. Even though you’d think most folks are savvy enough to not make friends with strangers selling investments on the phone, people still get lured in.”
‍

We also urged financial advisors to stay away from urgent messages. “Additionally, financial scams often involve rushed or hurried opportunities. While good marketing is timely, relevant and compelling, it shouldn’t require immediate action by a client or their employee. Make sure that your call to action at the end of your newsletter aims more towards thoughtful action than harried response.”

[1] https://www.howtogeek.com/667183/what-is-zoombombing-and-how-can-you-stop-it

[2] https://blog.zoom.us/wordpress/2020/03/20/keep-uninvited-guests-out-of-your-zoom-event

[3] https://www.zdnet.com/article/coronavirus-themed-phishing-attacks-and-hacking-campaigns-are-on-the-rise

[4] https://www.cnet.com/news/as-coronavirus-crisis-worsens-hacking-is-increasing-security-experts-say

[5] https://www.theguardian.com/technology/2020/may/24/hacking-attacks-on-home-workers-see-huge-rise-during-lockdown

[6] https://www.bcgbenefits.com/blog/scams-triggers-beware

‍

‍

‍

‍

‍

‍These articles are prepared for general purposes and are not intended to provide advice or encourage specific behavior. Before taking any action, Advisors and Plan Sponsors should consult with their compliance, finance and legal teams.