The world has been shaken by the quick and rapid spread of the Corona-virus (COVID-19), unfortunately, your health isn’t the only thing at risk. The rapid move to new software, services and remote working environment means that hackers and bad actors will leverage this moment of transition to computerize your cybersecurity. Ranging from infection maps loaded with malicious software, scary subject lines or even using your own companies’ letterhead, bad actors are scrambling to use this moment of disruption caused by COVID-19 to their advantage.
While COVID-19 is unprecedented in modern history, hackers often use any significant event like a fire, outbreak or other disaster hackers are quick to capitalize and hijack search terms to spread malware, this creates a target-rich environment for cybercriminals to launch phishing attacks and other nasty tricks to gain access to your data. It only takes one employee opening a phishing email, clicking on a dangerous link or downloading malware-infected attachments for the hackers to gain a foothold. Sometimes, it’s not even your employee’s fault but a breached password sold on the dark web that leads to you being compromised.
Here are three ways you can act immediately to prevent a potentially disastrous Coronavirus-related data breach:
Plan, Protect and Backup
Use expert guidance from agencies like CISA or NIST to prepare your organization for new risks posed by events like COVID-19. Is your cyber-security plan sufficient for the challenges presented by the increased decentralization of your staff and data? Two-factor authentication and other tools like VPN’s and modern endpoint protection software will help keep your data and systems safe even when staff is working remotely.
Trust, but never blindly
When looking for updates on COVID-19 or any other natural disaster from trusted, official sources and encourage your staff to only use vetted information for planning and communications. Train your staff to be wary of any email containing COVID-19 subjects, attachments or hyperlinks, remember, hackers can create a new website that is ‘secure’ (note, just because it’s https, doesn’t mean it’s secure, it means it’s private) within seconds. Avoid sharing or clicking on social media posts, text messages or instant messages offering unsolicited Coronavirus information, vaccination details, treatments or cures.
Make Prevention part of the cure
It’s a great time to remind staff on how to spot phishing scams and online fraud. Remind your staff, no government agency or IT provider will ask for sensitive personal, financial or business information via an email. It’s also a good opportunity to discuss the dangers of clicking on links or opening attachments from unfamiliar sources; this is a quick way for scammers to infect your systems with malware and RATS. Your IT provider should offer some Security Awareness training and Phishing Simulations to help make sure your staff is ready to protect against an attack.
Sources
- https://www.cisa.gov/sites/default/files/publications/20_0306_cisa_insights_risk_management_for_novel_coronavirus.pdf
- https://www.consumer.ftc.gov/blog/2020/02/coronavirus-scammers-follow-headlines
- https://www.us-cert.gov/ncas/current-activity/2020/03/06/defending-against-covid-19-cyber-scams
- https://www.consumer.ftc.gov/features/coronavirus-scams-what-ftc-doing
- https://www.cisa.gov/coronavirus
- https://www.consumer.ftc.gov/blog/2020/03/ftc-fda-warnings-sent-sellers-scam-coronavirus-treatments
