Cybersecurity Risks Related to COVID-19



COVID-19 Cybersecurity

Cybersecurity Risks Related to COVID-19

To help you, our customers, manage the impacts of COVID-19, we would like to share information from the Department of Homeland Security (DHS) and the Federal Financial Institutions Supervisory Council (FFIEC).  We encourage you to follow these links to ensure your organization is aware and prepared for opportunistic cyber thieves.

The Cybersecurity and Critical Infrastructure Agency (CISA) of DHS issued Awareness Alert AA20-073Ai, “Enterprise VPN Security,” to advise organizations of cybersecurity considerations and mitigations for enterprise virtual private network (VPN) solutions enabling teleworking employees to connect to an organization’s information technology (IT) network. If you are having your employees telecommute, be sure that your systems are patched and secure!

CISA issued a Cyber Alert, “Defending Against COVID-19 Cyber Scams,” reminding individuals to remain vigilant for scams related to COVID-19. Cyber actors have been sending emails with malicious attachments or links to fraudulent websites attempting to trick recipients into revealing sensitive information or donating to fraudulent charities or causes. We encourage you to caution staff and customers in handling any email with a COVID-19-related subject line, attachment, or hyperlink. Additionally, please advise your customers and staff to be very cautions with social media posts, texts, or calls related to COVID-19. As more and more people practice Social Distancing and/or Self-Quarantine, the use of digital means to conduct business will increase accordingly.  Because of this, extra caution is warranted!

CISA Issued guidance for “Risk Management for Novel Coronavirus (COVID-19),” outlining physical, supply chain, and cybersecurity issues that may arise from the spread of COVID-19. As organizations explore various alternate workplace options in response to COVID-19, CISA recommends examining the security of information technology systems by taking the following steps:

  • Secure systems that enable remote access.

    • Ensure Virtual Private Network and other remote access systems are fully patched.

    • Enhance system monitoring to receive early detection and alerts on abnormal activity.

    • Implement multi-factor authentication.

  • Ensure all machines have properly configured firewalls, as well as anti-malware and intrusion prevention software installed.oTest remote access solutions capacity, and increase capacity, as necessary.

  • Ensure continuity of operations plans or business continuity plans are current.

  • Increase awareness of information technology support mechanisms for employees who work remotely.

  • Update incident response plans to consider workforce changes in a distributed environment.

The document also provides recommendations for infrastructure protection and managing supply chain risks.

Thank you for being our customer and know that your bank is here for you!


Enterprise VPN Security
Defending Against COVID-19 Cyber Scams
Risk Management for Novel Coronavirus (COVID-19)