Facebook LinkedIn

Increased cyber risk for entities supervised by ASF

Bucharest, March 26, 2020 - The Financial Supervisory Authority (ASF) draws attention to the increase of cyber risk on the non-banking financial market, given that the activity of entities regulated / supervised by the Authority is generally carried out remotely as a measure to prevent the spread of coronavirus infections.

In the context in which some of the employees of the entities operate remotely, it is possible to multiply the risks, especially those related to the loss of data or their unauthorized use.

Cyber-attacks speculate the fear of coronavirus and send phishing messages through electronic communication channels. They attempt to mislead or persuade users to access or connect to a link / website through which data / information / passwords can be subsequently stolen or malware downloaded, in order to disrupt or damage computer systems / the applications used.

In this situation, ensuring the maintenance and good administration of the information systems are particularly important, in order to effectively protect the historical records, the personal data of the consumers and the monetary or asset flows.

 ASF recommends to the regulated / supervised entities the adoption of the following cyber security measures:

  • setting up access accounts and setting solid access passwords, preferably with two authentication factors;
  • identification of additional risks and management modalities if personnel are allowed to use personal work devices (computer / laptop / phone) - the control and visibility by the entity of these devices are more limited and involve robust authentication solutions;
  • training the staff on the risks of phishing and on detecting the typical signals of the phishing emails, as well as alerting their clients on how to communicate / confirm the services provided;
  • training of staff on the communication / reporting, in the shortest time, of cyber security issues or cyber threats;
  • developing instructions / guides for the use of remote applications and testing them before use, if they are different compared to those used at the office / office;
  • enable and configure the encryption of the data used on the computers / telephones used for the telecommunication to be protected in case of loss / theft of the working device;
  • identifying tools that can be used to block unauthorized access to the work device, to delete or copy data stored within it.

At the same time, ASF recommends companies operating in the non-banking financial market to review / identify, in the new context, together with the external IT auditor / outsourced IT service provider, the vulnerabilities and identify the ways to address the operational risks.

ASF is with the entities they regulate / supervise to help them manage the situations that may arise as a result of the context generated by the COVID-19 crisis as efficiently as possible. We recall that, at its meeting on March 24, 2020, the ASF Council decided to reduce by 25% all contributions due by the regulated entities, during the establishment of the state of emergency.

 

*********

About ASF

ASF is the national authority set up in 2013 through OUG 93/2012 approved by Law 113/2013, for the regulation and supervision of insurance markets, private pensions and the capital market. ASF contributes to strengthening the integrated operating framework of the three sectors, which amounts over 10 million participants. More information can be found at www.asfromania.ro.