Cybersecurity Risks During the COVID-19 Pandemic

April 2, 2020

As part of our efforts to keep our clients safe, we will alert you when cybersecurity risk is particularly high or when specific fraud threats have emerged that you’ll want to be aware of. With the coronavirus outbreak, there has been a substantial increase in cyberfraud attacks. According to our cybersecurity consultant, the number is possibly the largest ever seen around a single theme. Fraudsters are upping their game and playing on our fears and our desire to help.  

Remember, the no. 1 defense against them is people, not technology. Once you’re aware of these attempts and know how to spot them, you’ll be in the best position to prevent them.  

Here are some of the new attempts our IT and cybersecurity consultants have identified lately: 

  • Fake World Health Organization or government emails around the coronavirus outbreak or stimulus checks.
  • Phony emails and texts soliciting money for fraudulent coronavirus-related charities.
  • Fraudulent webpages using coronavirus-related URLs that collect information for attackers from unsuspecting visitors. 

How to protect yourself:  

  • Know what to look for. Click here to see visual examples of some of these attacks and the tricks to spot them. 
  • Protect your email account. Do not click on any links whatsoever unless you’re expecting the communication and you’re completely sure they are coming from legitimate sources.
  • Protect all passwords. Use strong passwords and don’t use the same password for different accounts.
  • Protect account access. Use two-factor authentication when available.
  • Manage your devices. Always use antivirus software and update software regularly.
  • Protect information on social media. Do not share personal information such as birthdates, home addresses, phone numbers, or social security numbers.  

This is a good time to remind yourself of all the usual ways to protect yourself against common attacks, especially around your finances: 

  • Be wary of any unsolicited inbound phone calls potentially from tech support, government agencies, banks, software providers, and even persons claiming to be Litman Gregory employees. Never give information over the phone unless you are able to verify the caller is legitimate, such as by hanging up and calling back using the number you have on file. (Or visiting their website and calling via their listed number.)  
  • Remember that the IRS and the Social Security Administration will not call you. 
  • Do not reveal personal or financial information in an email. Deliver sensitive information through a secure means such as our client portal. 
  • Proactively enroll in an identity theft protection service to protect personal data. 

This is what we do to protect your financial information: 

  • We have established policies and procedures for reacting to suspected/confirmed client account compromises, which may include disabling the ability for fund transfers or establishing new account numbers. 
  • In many cases, especially around money transfers, our team will call you to verbally verify instructions and information. 
  • We train our team members regularly on cyberfraud topics and test employees using cyberfraud simulations. 
  • We have established security policies and procedures to protect client sensitive data that include minimizing authorized access to the data, appropriate handling of the data, device and network management, and physical security. 

Please reach out to your Litman Gregory Advisor if you have any questions about these updated cybersecurity threats or the steps that we’re taking to protect your information.