I am writing to you as Chair of the PASA Cybercrime and Fraud Working Group (CFWG).
TPR have issued general guidance to pensions scheme concerning some extra steps which they should take during the current COVID-19 heath and economic emergency. The guidance can be viewed in full here.
It states that ‘We expect trustees to have appropriate monitoring and contingency planning in place and to be alive to risks that would have a significant consequences for their scheme and members.’ and states that ‘We are currently engaging with key administrators to understand their current preparedness.’
Since the current crisis started escalating there has been a real spike in cybercrime attacks. Cybercriminals have taken advantage of the growing demand for information by loading malicious software into tracking maps, government reports and health fact sheets. New websites with variations on ‘coronavirus’ in their internet addresses have also exploded, with many of them masking online scams. Some cybercriminals clearly think that ‘all their Christmases have come at once’ – an anxious population, vulnerable people at the highest risk, excessive demand for goods no longer in stock, and masses of disinformation awash on social media. All of this equates to a massive opportunity to prey on people and attempt to defraud them while they are at their most susceptible.
Phishing attacks have increased, seeking to exploit anxiety about the virus and bogus websites purporting to offer information about the progress of the virus, its symptoms and how to protect yourself against it. This has been compounded by organisations setting up new ways of remote working at a pace which does not always allow effective cyber security arrangements to be put in place. It is also the case that some organisations do not have an adequate level of visibility of their third-party suppliers of technology-related services, or enough knowledge of the extent to which they are properly protected or not.
In this context, I felt it was right that I should remind PASA members of some steps they should be taking. There is a short 5-minute webinar which you can watch here.
I hope this is helpful. The CFWG will be working hard to develop guidance and standards around both cybercrime and fraud and you will be hearing more about this shortly.