As the coronavirus dominates global headlines, organizations should be aware of COVID-19 related cyber threats beginning to emerge with the growth of the healthcare pandemic. Businesses that allow employees to work from home should enforce the proper cybersecurity policies for their operations.
COVID-19 and cyber threats
Spreading of the coronavirus (COVID-19) is helping to fuel a rise in cybercrime associated with the disease & creating an opportunity for online threats to succeed. The global nature of the infection has enabled the type of environment in which panic and fear are manipulated by cybercriminals who are skilled in taking advantage of these types of scenarios.
As more people are affected by coronavirus, it is critical to be aware of how impactful a global outbreak can be when it relates to online scams, cyber threats, and phishing attacks.
Phishing email scams
It is not uncommon for the cybercrime community to take advantage of problematic times and create sinister opportunities for their advantage. The Federal Trade Commission warns of phony donation schemes that can be leveraged by crooks during a healthcare outbreak such as coronavirus. These times of crisis can flood the internet with fraudulent resources & aggressive phishing campaigns that are far-reaching and significant in financial losses.
The World Health Organization (WHO) posted a notice that brings to light phishing attacks pretending to be officials from WHO sharing medical information with the global health community. These documents & attachments contain malware and should be avoided at all costs.
A research report from Check Point security discovered that 4,000 coronavirus-related website domains had been registered since January 2020. No credentials or accolades are needed to register a website domain containing the phrase ‘coronavirus’ or verbatim. Many of these websites have malicious intentions as they will try and lure you to donate or provide other personal information to a campaign.
Reduce your risk of phishing and extortion
Take the time to educate yourself & others about phishing campaigns during a medical outbreak such as coronavirus. You may begin to receive emails asking for charitable donations to medical funds or other contributions to be made in the form of online payments. Take preventative action and research the organization who is reaching out and validate their processes. Think critically and don’t start clicking on links from these suspicious messages, even with the best of intentions. Check the validity of incoming messages and examine the domain & other credentials included in the email message.
The medical industry will feel the lasting effects of coronavirus-related phishing campaigns and extortion based attempts to spread malware & other malicious activity. Products & websites claiming to have a cure for the coronavirus have already been identified by the Better Business Bureau and more scams are suspected to arise.
Working from home
As businesses face decisions about whether to have their workforce come into the office or work from home, employers should consider their cybersecurity policies relating to remote work. Businesses should understand the risks associated with remote workers and their impact. Organizations should make sure they have an incident response plan in place so they are prepared to respond to cyber threats. Secure your remote workforce from cyber threats during this time. If you’re a business that usually does not allow employees to work from remote locations, this is a great time to implement these cybersecurity policies & procedures.
How to secure your remote workforce
As a supplement to the video above, we’ve outlined the best cyber security practices to keep you safe from these cyber threats:
Use a VPN
A Virtual Private Network (VPN) can be utilized to keep your IP address & location information safe from cyber threats. Using a VPN is a secure way to transport data across your company network. If you are connecting from a public WiFi network, it is essential to connect through a VPN.
Bonus tip: Set the encryption level to at least 256 bit for increased security.
Enable two-factor authentication
Before employees are allowed to work remotely, ensure they have two-factor authentication enabled on their email accounts other access portals where available. This extra security layer will require an additional credential (beyond a single-password) to gain access to email and your business data. This is effective to prevent unauthorized users from using your computer or logging in from a remote location using a previously stolen password.
Each and every computer used by a member of your organization needs to have a strong antivirus solution in place to stop malware attacks. Antivirus software can help detect incoming cyber threats, such as ransomware, that might otherwise go undetected on the network. Windows users have Windows Defender which can be a good start.
Keeping this anti-virus solution up-to-date is critical, as updated patches will thwart newer attack vectors and malicious programs used by cyber criminals. Those looking for extra protection should consider endpoint detection and response (EDR) as a fortified security solution.
Update software & operating systems
Enable automatic-updates for all your software and operating system which will automatically start the update process when it becomes available by the software manufacturer. This is such a simple and effective cyber security habit, which is often overlooked.
Cyber criminals can exploit vulnerabilities in previous software releases that many people may still be using, thus giving leverage to the hackers. We know updates to your computer takes time, however don’t ignore that update notification next time it appears on your screen!
Strong data backup process
Organizations need to have a strong data backup process in which backups are taken offline from the network to keep safe from ransomware attacks. If your company keeps data backups locally or on a network attached storage device, these can easily become encrypted when cyber criminals come to deploy a ransomware attack.
Many companies think they are performing proper backups, however they’ve never tested a restore on their network using these backups. Ensure your company can recover from a ransomware attack by having backups offline and create an incident response plan.
Report coronavirus scams & cyber threats
As part of a communal effort to deter cybercrime in the wake of the coronavirus, we encourage businesses & organizations to report scams and phishing attacks they may be experiencing. Reporting cyber crimes helps our government agencies better deliver resources and awareness so that other organizations can steer safe from these cyber threats. If you are suspicious of a cyber scam relating to the coronavirus disease, it should be reported using the official Federal Trade Commission Complaint Assistant.