J.P. Morgan Highlights Cybersecurity and Fraud Prevention for CDFIs

J.P. Morgan has released guidance for Community Development Financial Institutions (CDFIs) on strengthening their cybersecurity and fraud prevention strategies.

The report highlights a significant rise in fraud incidents, with 80% of organizations reporting being targets of payments fraud in 2023, up from 65% in 2022. CDFIs are identified as particularly vulnerable due to several factors. Their substantial assets and data make them attractive targets for malicious actors. Furthermore, their mission-driven and community-focused nature can increase susceptibility to social engineering attacks, such as business email compromise and phishing.

According to J.P. Morgan, CDFIs must balance their need to publicize their beneficial work with the risk of exposing information that could make them targets. For instance, announcements of newly funded projects might attract fraudulent attention. The size of the institution also presents varied challenges; smaller entities may have limited resources for technology and training, while larger ones can be more susceptible to large-scale payment fraud.

The guidance advises CDFIs to implement preventative measures and maintain good cyber hygiene, which includes securing data, networks, and systems. J.P. Morgan is also offering training sessions to help CDFIs understand the threat landscape and develop risk management strategies.