As tensions rise around the spread of a global pandemic, most people are naturally concerned first and foremost with protecting their health. However, while you focus on preventing the spread of COVID-19, you might not be aware that your data is also at risk.
Unfortunately, cybercriminals are taking advantage of people’s heightened anxiety to try and manipulate them into disclosing sensitive information.
Here are the current dangers and some precautions you can take to avoid falling victim to one of these scams as you navigate this ongoing crisis.
What Are the Threats?
In a time of increased vigilance, people are often less likely to follow ordinary cybersecurity precautions, ironically enough. Malicious actors are only too happy to take advantage of any lapse in security. On March 12, NBC News reported that email scammers were impersonating the CDC and the World Health Organization to extract information from people.
Hackers are primarily using phishing emails to steal data from their targets. These communications can include fear-mongering subject lines about the spread of the disease and misleading claims about testing and vaccines. Unsuspecting users can download malware hidden in attachments and compromise the entire system.
The body of the email might contain a hyperlink that takes the user to a malicious site that could prompt visitors to enter sensitive data or install malware. Employees should be made aware of these threats and taught to avoid suspicious URLs in emails, even if they use official-looking letterhead and language.
Phishing attacks are often very sophisticated, especially as users become savvier, and it might take more than a single once-over to detect that something is off.
Spear phishing is another major concern, especially in a time of uncertainty and upheaval. In this type of attack, hackers gain access to login credentials from a member of an organization and use them to convince others to give up their information.
Spear phishing is especially dangerous because the emails look like they are coming from a legitimate source within the company, and they can cause a lot of damage before they are detected.
Common Phishing Strategies
The Federal Trade Commission has compiled a list of common strategies scammers use to get information from SMBs. These can include messages indicating you must confirm personal information, saying there have been suspicious login attempts, offering coupons for free services, prompting you to click a link to provide payment information, and attaching fake invoices. Phishing emails will often begin with a generic form of address such as “Dear Customer” rather than addressing users by name.
If you notice that something seems odd about a communication you have received, it should be reported to your I.T. department since phishing scammers often cast a wide net within an organization.
What You Can Do:
1. Emphasize Security Training
Ideally, you should make sure everyone in your company is up to date on the security risks before they become an issue. Put a protocol in place for reporting suspicious emails and give examples of these kinds of communications.
These can include emails containing coupons or rebates for coronavirus testing, emails apparently from your company’s health insurance provider asking you to update personal information, and even notices of suspicious login attempts prompting you to enter your username and password.
Employees should be made aware of the types of information scammers are trying to steal, i.e., passwords, account numbers, personal information, and social security numbers. That way, it becomes easier to spot malicious communications.
In a time of increased anxiety, it’s easier to fall victim to phishing attacks that prey on people’s fears, but with a few security measures in place, you can safeguard your data as you face this crisis.
2. Verify Sources
Information is likely coming in from a multitude of sources, and cybercriminals will take advantage of this to try and bypass spam filters. Only emails coming from official sources such as the CDC and other .gov organizations and trusted companies should be taken seriously.
Employees should receive a list of trusted sources for communication regarding coronavirus and be instructed to disregard emails and messages from any senders not included.
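A trusted-sender list can also be checked automatically before a message reaches an inbox. The sketch below is an added example, not code from the original article: the allowlist entries, the sample messages, and the function names are assumptions made for illustration, and it expects your mail gateway to record its DMARC verdict in an Authentication-Results header.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist for this example; the real list comes from your I.T. department.
TRUSTED_DOMAINS = {"cdc.gov", "who.int"}
# Organizations the article says scammers impersonate in the display name.
IMPERSONATED_NAMES = ("cdc", "centers for disease control", "world health organization")

def domain_is_trusted(domain):
    """Exact match or true subdomain only, so 'cdc.gov.example.net' fails."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def triage(raw_message):
    """Return the reasons to report a message; an empty list means none found."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    reasons = []
    if not domain_is_trusted(domain):
        reasons.append("sender domain not on trusted list: " + (domain or "<none>"))
        if any(name in display.lower() for name in IMPERSONATED_NAMES):
            reasons.append("display name claims a health authority")
    # The From header alone can be forged, so also require the gateway's DMARC
    # verdict (assumes the gateway strips inbound copies of this header).
    auth = msg.get("Authentication-Results", "").lower()
    if "dmarc=pass" not in auth:
        reasons.append("no DMARC pass recorded by the mail gateway")
    return reasons

# Constructed sample messages (not real traffic).
SAMPLE_SPOOF = (
    'From: "CDC Health Alert" <alerts@cdc-gov.example.net>\n'
    "Subject: New cases confirmed in your city\n"
    "Authentication-Results: mx.example.com; dmarc=fail\n\nSee attachment.\n"
)
SAMPLE_LOOKALIKE = (
    "From: updates@cdc.gov.example.net\n"
    "Authentication-Results: mx.example.com; dmarc=pass\n\nClick here.\n"
)
SAMPLE_OK = (
    'From: "CDC" <noreply@emergency.cdc.gov>\n'
    "Authentication-Results: mx.example.com; dmarc=pass\n\nGuidance update.\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE_SPOOF, SAMPLE_LOOKALIKE, SAMPLE_OK):
        print(triage(sample))
```

A message that returns any reasons should go to the reporting channel described in step 1 rather than being acted on.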
3. Plan for Increased Risk
You should approach the coming crisis with a prevention mindset, meaning that it should be taken as a given that you will face increased security threats during this time. As you put plans in place to mitigate the risk of infection for your employees, you should also be thinking about applying the same principles to cybersecurity.
Small to medium-sized businesses should work with their I.T. departments and/or managed service providers to create an action plan and ensure that the latest security updates are installed across all devices. They should also ensure that all employees are aware of their roles in the disaster recovery and business continuity plan.
4. Enable Multi-factor Authentication
In a time when many employees will be working from home, it is especially important to emphasize data security. Spear phishing attacks in which hackers gain access to someone’s credentials within the company can often be prevented with multi-factor authentication. By ensuring that users need more than just a password to log in, you can stop malicious actors before they have a chance to compromise your data.
All users should use 2FA to access work-related systems, and security protocols should be put in place for any personal computers and mobile phones they may be using to telecommute.
5. Consult with Experts
If you are not confident in your company’s ability to ward off cybercrime during this difficult time, getting advice from cybersecurity experts could make the difference between weathering the storm and experiencing a data breach.
You should come away from your consultation with a detailed list of steps you can take to protect your company’s information.
Partnering with a managed service provider can protect your SMB from cybercrime now and in an uncertain future. For more information about how managed services can improve security for your business, call 844-44-JMARK, email us at [email protected], or use the Contact Us page of our website.