When it comes to cybersecurity, one thing is for sure: when a global crisis emerges, it’s only a matter of time before criminals find a way to exploit it. And few situations offer as many opportunities for hackers as a global pandemic.
As businesses around the world work to rapidly shift strategies amidst COVID-19, hackers are cashing in on workers’ fears and uncertainty. It seems a new coronavirus scam is emerging almost daily – creating massive headaches for business leaders who are already struggling to keep operations afloat.
What does a COVID-19 scam look like, and what actions can you take to protect your organization during this challenging time?
Here’s a quick breakdown:
How to Spot a Coronavirus Scam
Since January, the number of coronavirus-themed attacks has skyrocketed, even prompting the FBI to issue a Public Service Announcement. Many of these attacks are originating as phishing emails that prey on recipients’ thirst for information.
For example, some emails claim to offer critical details about the virus, asking recipients to click to view videos. Others direct them to a landing page where they can order a pandemic “survival guide” by inputting personal information and credit card details.
Another coronavirus scam capitalizes on people’s compassion and desire to help others. The email claims to be gathering charitable donations for reputable organizations like UNICEF and GlobalGiving and cites data from the World Health Organization. The message urges recipients to donate Bitcoin (which should be the first red flag), and even includes a QR code for faster “donations.”
Some emails appear to be sent by legitimate organizations and ask recipients to download and open attached files, which are infected with malware or ransomware.
Luckily, there are a few actions you can take now for coronavirus business protection.
5 Ways to Protect Your Business During the COVID-19 Pandemic
Here are five things you can do right now to protect your organization against phishing attacks:
1. Educate Your Team on the Current Threats
If you haven’t already, implement a security awareness and training program. Make sure all employees are aware of these phishing attempts and ask them to report any suspicious activity immediately. Remind them to carefully inspect sender email addresses and look for spoofs. In some cases, hackers may impersonate individuals an employee trusts, so it’s crucial they know never to share any sensitive information via email – no matter who an email appears to be from.
2. Authorize Multi-Factor Authentication
While it’s not a fail-safe solution, multi-factor authentication makes it more challenging for hackers to access accounts.
You can either set up SMS authentication (which sends a text verification with a code that users must submit before accessing their account) or token-based authentication (which requires an application on two paired devices to log into an account).
3. Enact New Email Protections
There are also a few email-specific actions you can take, including:
Disable automatic email-forwarding (for the entire organization): This way, cybercriminals won’t be able to reroute emails from a target contact’s email to their own address.
Set up display name spoofing protection: Use email server rules to ensure no one can use the display name of key decision-makers if those emails come from outside your organization.
Enable email banners that highlight emails originating outside the company: This will help users identify possible spoofed emails.
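The display-name rule and the external banner described above can be expressed as one small mail-filter check. This is an added example, not code from the original article; the domain, the protected names, the banner text and the "quarantine" action are assumptions chosen for illustration.

```python
from email import message_from_string, policy
import unicodedata

# Assumptions for illustration: your mail domain and the names you protect.
INTERNAL_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"Jane Doe", "John Smith"}
BANNER = "[EXTERNAL] This message originated outside the organization.\n\n"

# Constructed sample messages (not real traffic).
SPOOFED = "From: Jane Doe <jane.doe@example.net>\nSubject: Urgent\n\nPlease wire funds.\n"
INTERNAL = "From: Jane Doe <jane.doe@example.com>\nSubject: Sync\n\nMeeting at 3.\n"
VENDOR = "From: Acme Billing <billing@vendor.example>\nSubject: Invoice\n\nSee portal.\n"

def normalize(name):
    """Fold case, accents and spacing so 'JANE  DOE' still matches 'Jane Doe'."""
    decomposed = unicodedata.normalize("NFKD", name or "")
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(stripped.casefold().split())

def classify(raw_message):
    """Return (is_external, is_display_name_spoof) for one raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    sender = msg["From"]
    if sender is None or not sender.addresses:
        return True, False  # no usable From header: treat as external
    address = sender.addresses[0]
    external = address.domain.lower() not in INTERNAL_DOMAINS
    protected = {normalize(n) for n in PROTECTED_NAMES}
    return external, external and normalize(address.display_name) in protected

def apply_policy(raw_message):
    """Quarantine display-name spoofs; add the banner to other external mail."""
    external, spoof = classify(raw_message)
    if spoof:
        return "quarantine", None
    body = message_from_string(raw_message, policy=policy.default).get_payload()
    return "deliver", (BANNER + body if external else body)

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("internal", INTERNAL), ("vendor", VENDOR)]:
        print(label, apply_policy(raw)[0])
```

This check looks only at the From header. A message that forges your own domain in From is a separate problem, handled by SPF, DKIM and DMARC enforcement.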
4. Use a Password Manager
Solutions such as LastPass or Bitwarden help users set unique and complicated passwords for each of their accounts. They also require the user to set up one complex password to access their password “vault.” This way, they don’t have to remember multiple different passwords for each of their many accounts.
5. Update Company Policies
Given many companies are requiring team members to practice social distancing and work remotely – which can increase security risks – it’s an excellent time to put some extra checks in place. For example, you may want to request that team members upload files to a centralized intranet, such as Microsoft Teams, instead of sending attachments via email, or ensure that they are informed about the risks and practicing safe online habits.
As we all work to navigate changes and adjust to life and work amidst the COVID-19 pandemic, the last thing you want is to become a victim of a coronavirus scam. By remaining informed and taking the above precautions, you can foster better security habits and protect your company.