Even after governments and the healthcare community succeed in stopping the spread of COVID-19, a long tail of financial crime is likely to follow. Already, cybercriminals are phishing fearful consumers under the guise of COVID-19 aid. And, they are expected to very soon begin targeting government relief programs. The effectiveness of their crimes will be greatly helped along by the tenuous security posture of the country’s largest-ever pool of remote workers.
We know that weak authentication is the leading cause of data breaches. Cybercriminals know it, too, and they are undoubtedly giddy at the possibilities being created by this workforce shift.
As they experiment with new forms of cyber scams, criminals will gain access to a wealth of personal information. That stolen data will fuel a massive wave of crime targeting the identities and accounts of consumers long after lockdowns are lifted and people resume the normalcy of 21st century life.
According to our partners at the Identity Theft Resource Center (ITRC), there are 3.4 data breaches in the U.S. every day, on average. However, the days we are currently experiencing are far from average. Businesses are struggling to accommodate remote access for their employees, many of whom are working from home for the first time. This is a key area of inevitable security break downs.
Effectively and securely accommodating remote systems requires strong authentication, as well as the strategic limitation of data and system access to only the most essential employees. It’s not difficult to imagine that many of the businesses scrambling to continue operations with a newly minted remote workforce are exposing their data and their customers’ data in the worst ways possible.
That is not to say all attacks on data will come from the outside. The most powerful deterrent to insider crime is conspicuous surveillance. By shifting thousands of employees out of large operations centers in which they are surrounded by coworkers, supervisors, video cameras and physical access control systems, companies lift the specter of detection. Add to that a worsening economic situation, and we can see how things may quickly go awry. For employees with little oversight and a growing pile of unpaid bills, a perceived need to do whatever is necessary to meet their financial obligations could be met by new opportunities to steal valuable information.
Suffice it to say, the security of personal information that is stored and transmitted by companies we rely on is at increased risk of compromise as we navigate the “new normal” of remote working. What does that mean for consumers whose financial lives may already be upended? For the foreseeable future, it will create another source of anxiety as ransomware attacks and other data breach events hit the news. And, it leaves consumers at a greatly increased risk of identity theft and fraud as that information is bought, sold and traded by criminals. Fraud losses will rise, consumers and organizations will suffer and fraudsters will thrive.
The silver lining exists with trusted providers like banks, credit unions, insurers and merchants that are already taking decisive action to support consumers and help secure their identities and accounts. The best of the best have planned ahead; others are playing catch up. No matter where you fall on the spectrum, consider that partnerships with external resources can be incredibly helpful. Collaborating with experts who bring an outside-in perspective, and who understand the most effective ways to apply innovative technologies, can greatly reduce the relationship-damaging triage that often accompanies a last-minute response to surging fraud.
Personal information is more at risk than ever, but we are far from helpless. This is one threat that we can see coming. Preparing for a significant surge in fraudulent applications, account takeover attempts and unauthorized transactions is not only prudent, it’s the right thing to do. Millions of consumers depend on financial institutions, payments providers and merchants to keep their accounts safe as the long tail of data breach fraud endures.
Al Pascual is co-founder and COO of fraud prevention and detection technology firm Breach Clarity. He can be reached at al@breachclarity.com.