To add insult to injury with the onslaught of the coronavirus pandemic, hackers and other scammers have ramped up their efforts to take advantage of uneasy individuals and small businesses. It is important for your organization to be aware of these increased threats and take the necessary actions to protect your company.
In this blog post, we will make you aware of some of these coronavirus-related cybersecurity threats and offer recommendations that will help your small business during this uncertain time and in the future.
Problems Arising from Remote Work
Although advanced communications technology has given companies valuable remote work options to continue their operations, it has also exposed them to more risks from cybercriminals. Many individuals are not accustomed to working from home and may be using their personal devices to access their organization’s network.
Hackers will greedily exploit employees’ poor internet and email behavior and the use of less-protected devices to gain unauthorized access, disrupt operations, and extort money from small businesses. Simply put, employees are always the weakest link in cybersecurity, and remote work opens up more vulnerabilities for your company’s network.
Apart from an increase in the usual phishing attempts, scammers are attempting to victimize individuals and businesses with some new methods designed to take advantage of people’s coronavirus fears as described below.
Phishing, already a rampant problem, is being exploited in new forms by cybercriminals eager to benefit from the impact of the coronavirus.
Phishing uses emails or web links with enticing contests, prizes, or story links that users will be attracted to opening or clicking on. However, when the individual makes the mistake of clicking on the link or opening an attachment, they end up installing malware that provides the cybercriminal with access to the company network. Coronavirus-related phishing, as discussed in greater detail in the sections below, tries to get clicks by promising access to relevant information on the virus or the ability to purchase valuable medicine for protection.
Another more devious phishing example is what is known as Boss Phishing, where hackers use a simulated email request from a boss or other authority figure, such as a CEO or CFO. Hackers are increasingly using Boss Phishing with phony communications and updates about the coronavirus, which employees are more likely to pay attention to and click on without sufficient caution. These emails appear legitimate at first glance with the proper email address, name, and title, which lulls the employee into a false sense of security.
Your employees’ inboxes are receiving official-looking emails from national or international health agencies such as the Centers for Disease Control (CDC) and other organizations offering new apps that will help them closely follow the spread of the virus. Once the app is installed on a device, however, it will lock the device with ransomware, and the hacker will then demand payment in bitcoins in return for restoring control to the device user.
Another well-designed email looks convincingly like an official email from the World Health Organization (WHO) offering safety information in an attachment. This email and similar ones look authentic because hackers are utilizing tools to closely match the logo and email formats of the legitimate organizations. Once the attachment is clicked, malware is released onto the individual’s device and potentially into your company’s network. Once inside the network, cybercriminals will quickly look to access as much sensitive personal information and as many passwords from your employees and clients as they can find. The hackers will then use this information to try to get access to funds, or they will sell it on the dark web to the highest bidder for similar nefarious purposes.
Another common scam appearing more often with the spread of the coronavirus is the use of official-looking websites that claim to offer information or even access to vaccines or other medicines related to treating the virus. These phony websites look realistic thanks to powerful tools available to cybercriminals. These websites will usually ask for sensitive personal and financial information to enter the site, which the hackers will then capture for their own malicious use. Once they secure this information, the scammers will use it to access personal funds and employer networks, and they will also sell it on the dark web.
Misinformation on Social Media
One of the worst problems for small businesses and individuals alike is the chaos and stress that come from panic, especially when it originates from information communicated by suspect sources. Different forms of social media have some of the worst offenders who peddle misinformation and conspiracy theories in an effort to drive up views of their websites and videos. Many of these scammers also look to profit by exploiting fear. They do this by offering fake cures and vaccines for sale or promising access to investments that will help protect company and individual finances from the massive economic impact of the pandemic.
Recommended Actions to Protect Your Small Business
In order to help protect your small business from enhanced cybersecurity threats during the coronavirus pandemic, we offer the following useful recommendations:
- Regularly issue communications with detailed descriptions of the latest coronavirus-related scams you learn about, and encourage employees to share any scamming attempts they encounter.
- Remind employees to be cautious of suspicious emails, phony websites, and misinformation on social media as described above.
- Implement and enforce a strict internet and email usage policy for employees in the office and remotely. A good rule of thumb to communicate to employees is to always be skeptical of unknown senders and of any links that seem too enticing or too good to be true.
- Offer training for staff on these and other proven cybersecurity steps and remind employees frequently to be vigilant about new scams.
- Work with an IT Support partner to occasionally conduct controlled email phishing campaigns. This service sends fake phishing emails to your staff to find out who clicks on the bait. This tool identifies which staff members are susceptible to deception and also provides useful information to educate your staff on how to avoid phishing and other cyberattacks.
- Limit the number of employees who have access to sensitive company or client information.
- Carefully monitor official company communications and be aware of the latest cybersecurity threats and scams.
- Strictly follow company internet and email usage policy in the office or remotely and be particularly vigilant when using personal devices to access company networks.
- Carefully review any email request by checking for typos, awkward language, or any other characteristics that indicate it might not be from the purported sender.
- Never reply directly to a suspicious email but rather create a new message and type in the official email address.
- Never forward a suspicious email or one with an unknown sender to a colleague.
- Avoid clicking on any links or opening any attachments in emails. Any of these links could send the user to a site controlled by a cybercriminal or enable the cybercriminal to gain access to your network.
- Always verify any sensitive request personally with the boss or other authority figure through a secure method such as a telephone conversation or a company inner-office chat system. This step will ensure that the request is legitimate and will overcome the situation where a cybercriminal has hacked into the boss’s email.
Consult with Your IT Support Partner
During this uncertain time, we encourage you to reach out to a trusted IT Support Partner, like Network Depot, to help ensure that your company is optimally protecting itself against the increased cybersecurity threat resulting from this crisis. Your IT partner will offer your company valuable advice and will implement any necessary solutions to help protect your organization against aggressive cybercriminals during this pandemic and beyond.