Billing and Payment Security in the Age of COVID-19
- May 11, 2020 8:23 pm GMT
By Brenda Magri, Senior Director, Security Strategy, Fiserv Biller Solutions
Cybercrime is a crime of ever-present opportunity. For cybercriminals, the COVID-19 pandemic has proven to be a golden moment as bad actors have sought to exploit the crisis to their advantage. In response, utilities, like other companies that handle sensitive customer data, are compelled to heighten security to protect financial, billing and payment systems. An enhanced approach can include updates to the systems themselves, adjustments to processes and an emphasis on employee education.
Cyberattacks are Up
Across all business sectors, companies and consumers face the threat of new cyberattacks linked to the COVID-19 crisis. Employees – many of whom may be out of their routine while working from home – may be perceived by attackers as distracted and thus more vulnerable.
One of the most popular types of cyberattack is “phishing” with a fake email or “smishing” (phishing via text message). These involve bogus but legitimate-looking messages enticing the recipient to click on a link for more information. This often takes the form of an urgent warning requiring that a specific action be taken immediately to prevent loss of access to a financial account or another important service upon which the person targeted by the scam relies. Alternatively, the messages may appear to come from a health organization providing COVID-19 updates (for example, offering access to masks or testing kits) or – aligned to the rise in online shopping – could warn of an issue with a delivery by a freight carrier. In each case, clicking on a link or an action button can expose that device to the risk of a cyberattack. And that could lead to data theft or the introduction of ransomware to a utility’s financial and data systems.
Employee education plays a key role in preventing such situations. Prior to the pandemic, a utility employee working in their usual office environment might notice a suspicious message and either delete it without opening or forward it to the IT department for investigation. Now, that same employee could be juggling multiple responsibilities in an unusual work situation. The criminals are counting on an employee’s guard being down and failing to detect the subtle signs that an incoming email is a phishing attempt.
Any unauthorized access to a utility’s billing and payment systems could be devastating, impacting the ability to bill customers and receive payments at a time when people are inside their own four walls more than usual, and thus need heat, light and power to be available.
Best Practices for Defense against Cyberattacks
Fortunately, utilities and other companies can take steps to defend themselves against this new wave of cyberattacks:
- Tune data loss tools, including email spam filters, for enhanced sensitivity to COVID-19-related threats; keep watch for not only that term, but related words and language, and commonly misspelled words similar to the key terms.
- Create a regular cadence of COVID-19 communications and convey that schedule to employees so they know, for example, to always expect the weekly summary of business updates on Fridays. Tell them what the official emails will look like, so any phishing emails will be more likely to raise red flags.
- Educate employees on what to look for in order to detect phishing and smishing attempts. Warning signs include spelling and grammatical errors and frenzied-sounding communications urging the recipient to take a specific action without delay. Instruct employees to never click on links from unknown senders – ideally with an automated warning at the top of any external emails advising to “think before you click.”
- Help protect your customers by collecting only the data you need, rather than all the data you want. Providing them with a more personalized customer experience can require a robust data profile, but it also comes with the additional responsibility of protecting that data. In the quest to enhance customer interactions and raise satisfaction scores, be wary of collecting and storing more data than is reasonably needed.
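The filter tuning in the first bullet (key terms plus lookalike and misspelled variants) and the external-email warning in the third can be sketched as mail-gateway logic. This is an added example, not code from the article or from Fiserv; the term list, the `utility.example` domain, the 0.8 similarity threshold and the hold/banner policy are all assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr
import re

# Assumed watch list: the article names only "COVID-19" and "related words".
KEY_TERMS = ["covid", "coronavirus", "pandemic", "quarantine", "vaccine"]
# Character swaps commonly used to dodge exact-match keyword rules.
LOOKALIKES = str.maketrans("01345@$", "oieasas")
INTERNAL_DOMAIN = "utility.example"   # hypothetical organisation domain
BANNER = "[EXTERNAL] Think before you click."

def match_term(token, threshold=0.8):
    """Return the key term a token equals or closely resembles, else None."""
    norm = token.lower().translate(LOOKALIKES)
    if len(norm) < 4:                 # too short to compare meaningfully
        return None
    for term in KEY_TERMS:
        if SequenceMatcher(None, norm, term).ratio() >= threshold:
            return term
    return None

def triage(sender, subject):
    """Classify one message by sender domain and fuzzy subject terms."""
    domain = parseaddr(sender)[1].rpartition("@")[2].lower()
    external = domain != INTERNAL_DOMAIN
    tokens = re.findall(r"[A-Za-z0-9@$]+", subject)
    terms = sorted({t for t in map(match_term, tokens) if t})
    if external and terms:
        action = "hold"               # assumed policy: send to review queue
    elif external:
        action = "banner"             # prepend BANNER to the message body
    else:
        action = "deliver"            # internal mail, e.g. the Friday update
    return {"external": external, "terms": terms, "action": action}

# Constructed sample messages (sender, subject); not real traffic.
SAMPLES = [
    ("Health Alerts <alerts@c0vid-relief.example>", "C0VID-19 testing kits: act now"),
    ("HR <hr@utility.example>", "Weekly COVID-19 business update"),
    ("Freight <track@parcel.example>", "Delivery issue with your parcel"),
    ("Info <info@news.example>", "Cornavirus quarentine rules"),
]

if __name__ == "__main__":
    for sender, subject in SAMPLES:
        print(triage(sender, subject), "<-", subject)
```

The From header is trivially forged, so a production gateway should base the internal/external decision on authenticated results (SPF, DKIM, DMARC) rather than the displayed address.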
Protecting data and financial systems is not just a job for the Security and IT departments; every employee plays a critical role on the front lines of your defense. With thorough training and consistent, comprehensive communications, employees can create a significant barrier against cyberattacks. In today’s rapidly evolving COVID-19 world, that’s an important part of keeping billing and payment systems running.