Financial companies and accountancy organizations have been facing more risks in the field of information security since the outbreak of the corona crisis. These include the risk of data leaks due to working from home and increasing dependence on (external) service providers. The AFM calls on companies to pay extra attention to this and shares insights to help with this.
The AFM conducted a risk-driven survey of 15 medium-sized and large financial enterprises and audit firms on the impact of the coronavirus outbreak on their business operations and how they are dealing with the increasing information security risks. It did this on the basis of signals and in consultation with De Nederlandsche Bank (DNB). The AFM identified six key risks that require extra attention.
Working from home makes companies more vulnerable to the risk of leaking sensitive information, for example through the use of insecure equipment or communication channels. The AFM also sees an increasing dependence among enterprises on (external) service providers, including suppliers of VPN connections. Other risks that enterprises need to be extra alert to include the risk of DDoS attacks, the downtime of (essential) employees, an increase in phishing activities and insecure IT systems due to the delay in installing security patches.
The AFM shares insights on these risks in a special appendix. This contains points of attention for each risk that companies should pay attention to. It also shares concrete practical examples of ways to reduce the risks.
Earlier, the AFM published its Principles for Information Security. In it, the AFM outlines its expectations regarding the desired behavior of financial enterprises and audit firms in the area of information security.
DNB also addresses the specific risks highlighted by the corona crisis in its Information Security Monitor 2020.
Download the appendix of the AFM Inventory of corona-related information security risks here
This news item can also be found in the dossiera Information Security and Coronavirus
