Even with life being stressful enough during this uncertain time of COVID-19, things have been made worse by the increasing number of cybercriminals and other nefarious actors trying to profit from the current chaos and insecurity.
Your organization and employees should be aware of three main types of cyber threats, described in the sections below.
Increased Amount of Typical Cyber Threats
The most widespread and dangerous type of cyber threat, which has increased dramatically during the spread of the virus, is phishing. This malicious cyber behavior seeks to gain entry into your company’s network through deception.
Phishing uses emails or web links with enticing contests, prizes, or story links that users will be attracted to opening or clicking on. However, when the targeted user makes the mistake of clicking on the link or opening an attachment, they end up installing malware that provides the cybercriminal with access to both their device and their employer’s network.
One particularly effective method skilled hackers are using more often during this time is called Boss Phishing. The cybercriminals send a simulated email request that seems to come from the recipient’s boss or someone else with authority in your organization. Often the imposter will pretend to be the CFO or someone in Finance and will ask for the transfer of funds to a phony account or for access to the company’s or a client’s account. These emails appear legitimate at first glance with the proper email address, name, and title, which fools the conscientious employee who wants to do a good job helping management. Even more insidious, some criminals are taking advantage of the increased company communications during the pandemic to send out Boss Phishing messages regarding the virus accompanied by malware links.
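A mail administrator can screen incoming messages for the signs of this kind of impersonation before an employee acts on them. The Python sketch below is an added example, not part of the original article; the domain, executive names, keyword list and sample messages are constructed assumptions, and the checks read the standard From, Reply-To and Authentication-Results headers.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration only: your own domain and leadership names.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"dana reyes", "sam okafor"}
MONEY_WORDS = ("wire", "transfer", "payment", "invoice", "account", "gift card")

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def boss_phish_flags(raw):
    """Return the reasons a raw message looks like executive impersonation."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    auth = msg.get("Authentication-Results", "").lower()
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + (body if isinstance(body, str) else "")).lower()
    from_dom, flags = domain_of(addr), []
    if name.lower() in EXECUTIVES and from_dom != ORG_DOMAIN:
        flags.append("executive name on an outside address")
    if from_dom == ORG_DOMAIN and ("dmarc=fail" in auth or "spf=fail" in auth):
        flags.append("company address failed sender authentication")
    if reply and domain_of(reply) != from_dom:
        flags.append("replies go to a different domain")
    if flags and any(word in text for word in MONEY_WORDS):
        flags.append("asks for money or account access")
    return flags

# Constructed sample messages (not real mail).
SPOOFED_CFO = (
    'From: "Dana Reyes" <dana.reyes@example.com>\n'
    "Reply-To: dana.reyes@example.net\n"
    "Authentication-Results: mx.example.com; spf=fail; dmarc=fail\n"
    "Subject: Urgent wire transfer\n\n"
    "Please send the payment today and keep this confidential.\n")
OUTSIDE_ADDRESS = (
    'From: "Sam Okafor" <sam.okafor@freemail.test>\n'
    "Subject: Quick favor\n\n"
    "I need gift cards for a client. Reply when you have them.\n")
GENUINE = (
    'From: "Dana Reyes" <dana.reyes@example.com>\n'
    "Authentication-Results: mx.example.com; spf=pass; dmarc=pass\n"
    "Subject: Remote work schedule\n\n"
    "The updated schedule is attached.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_CFO), ("outside", OUTSIDE_ADDRESS), ("genuine", GENUINE)):
        print(label, boss_phish_flags(raw))
```

A flagged message is a candidate for quarantine or a warning banner; the request itself should still be confirmed with the supposed sender through a separate channel.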
In addition, cybercriminals are exploiting people’s widespread financial nervousness by creating a variety of phishing scams offering supposedly foolproof investment advice and other shady tips for wealth protection and growth. These already slick campaigns are even more appealing to the growing number of people looking for protection from financial uncertainty.
Exploitation of Employees Working Remotely
One cybercrime trend directly related to COVID-19 is the increase in phony websites with a focus on providing information on IT, tools, and methods to help your employees work better remotely. Many companies and employees that are inexperienced with telework are being deceived by these sites that provide some useful tips and then offer more enticing additional information upon the receipt of sensitive personal information from the user. Unfortunately, once the user information is entered into the website form, it is captured by a hacker that will either utilize it themselves to make unauthorized purchases or will sell it on the dark web to others who will steal the user’s identity and exploit the sensitive financial and personal information for their own gain.
In addition, because so many individual workers are not used to working remotely, with some even using their personal devices, the number of portals into company networks has grown exponentially. This trend offers cybercriminals many more opportunities to breach company networks.
Cybercriminals are capitalizing on employees’ poor cyber hygiene, including careless internet and email behavior, and on their use of less well-protected devices at home to gain unauthorized access, disrupt operations, and extort money from small businesses.
COVID-19 Themed Websites and Products
Many skilled scammers have increased their efforts to fleece nervous people, who are trying to get accurate information about the spread of the virus and to find ways to prevent it. These criminal efforts include creating phony coronavirus information websites as well as developing emails and websites that supposedly offer cures and preventative measures.
One type of website that has become popular during these anxious times has been the interactive site offering some form of a map that accurately tracks the spread of the virus throughout the United States and the world. Cybercriminals have capitalized on this trend by developing similar-looking tracking websites with official-sounding names. When the unsuspecting user clicks on the site, embedded malware is transferred to their device, where it can steal usernames, passwords, credit card numbers, and other sensitive data stored in their browser.
In addition, hackers have created many fraudulent COVID-19-related websites purporting to represent charities and other organizations, which request generous donations from visitors. Any kind-hearted soul that enters their credit card information on these sites is doubly penalized. First, the donation will go straight to a cybercriminal bank account, and even worse, any sensitive financial information that is entered will be utilized for additional unauthorized purchases.
Your employees should also be vigilant in avoiding websites, emails, telemarketers and any other sources offering them products that will supposedly protect them from the virus or cure them of it. There are currently no vaccines or medical products that will protect people from COVID-19 or cure them of it. When this happy moment actually occurs, it will be verified and reported by a trustworthy source such as the Centers for Disease Control and Prevention (CDC) or the National Institutes of Health (NIH). Any sensitive financial information your employees share with these fraudsters, either online or on the phone, will be harvested for the fraudsters’ own profit.
Ways to Protect Your Organization and Employees Against COVID-19 Scams
Train Your Employees
In short, your employees are always the weakest link in cybersecurity, and the recent massive increase in telework has opened up even more vulnerabilities for your company’s network. As a result, your organization should take the time to educate and train your employees on how to practice good cyber hygiene such as never answering emails from unknown sources or clicking on any outside links and never forwarding suspicious emails. Your company should also train your employees on how to spot phishing attempts and reinforce the policy that any request for funds or sensitive company or client information must be confirmed via a phone call, password, or other secure method.
Communicate Frequently With Your Employees
Along with training, your company should also regularly inform your staff of any ongoing or new scams, COVID-19-related and otherwise, and caution them about phony products and websites. Your firm should also encourage your employees to be vigilant and to promptly share any of their experiences with malware and other cyberattacks with management. Your organization should utilize different communication methods to continuously stress the importance of all employees being even more cautious during this crisis.
Seek Assistance From Your IT Support Partner
Your company should treat a trusted IT Support Partner, such as Computer Medic On Call, like a safe harbor in this pandemic storm. A reliable IT partner will offer your company useful advice and will implement any necessary solutions to help protect your organization against aggressive cybercriminals.
For example, one simple step your company can take is to work with your IT partner to identify the staff members that should have access to sensitive client or company information. With your IT partner’s help, you will be able to limit this number to the select few necessary, and you will also be able to protect any information and transactions with properly maintained firewalls and password protocols.
In addition, it is advisable that you work with an IT Support Partner to conduct controlled email phishing campaigns to more effectively test and train your workers regarding cybercrime. These campaigns send fake phishing emails to your staff to find out who will click on the bait. This valuable tool not only identifies which staff members are susceptible to deception, but it also provides useful information to educate your employees on how to defeat phishing and other cyberattacks.
By recognizing the increasing number of cybercrimes and other scams occurring because of COVID-19 and taking the necessary measures to protect yourself with the assistance of your IT partner, your organization will be able to continue to successfully achieve its unique objectives.