During RMA’s Risk Readiness Special Coverage webinar, April Falcon Doss, Chair, Cybersecurity and Privacy at Saul Ewing Arnstein & Lehr, shared the ways in which the COVID-19 crisis is expanding cybersecurity and data privacy risks for the financial services industry.
Cyber criminals are taking advantage of the pandemic to launch phishing campaigns specifically intended to lure email users into clicking on malicious links or attachments that appear to be legitimate information from public health officials and other news sources about the pandemic. Sophisticated hackers are also launching sustained attacks on health organizations, health care providers and agencies.
As organizations have more staff working remotely as part of their overall coronavirus response, there is a heightened risk that staff may handle privacy-protected information outside of secure channels – forwarding sensitive information to personal email accounts, uploading it into non-secure or personal cloud storage platforms, downloading it onto removable media, and the like.
Doss stressed the importance of financial institutions staying current on cybersecurity and privacy obligations imposed by regulators during COVID-19 and establishing internal policies and IT best practices.
Organizations are dealing with complex questions under U.S. and international data privacy laws as they consider how to balance rapid and effective response to COVID-19 threats while complying with the complex requirements of multiple privacy laws.
Rules are still emerging regarding guidance on privacy and COVID-19 surveillance. However, Federal Trade Commission guidance states that enforcement actions will be focused on COVID-19-related scams. For privacy-related investigations, a “flexible and reasonable” approach will be implemented, especially for companies providing essential goods and services.
For the full presentation, download the recording here.