Criminals are taking advantage of COVID-19 fears to launch a new wave of cyberattacks.

With an immense amount of FUD (fear, uncertainty, doubt) circulating regarding coronavirus/COVID-19, cybercriminals are playing on those emotions and have already begun to alter their attack methods, patterns, and content. We have received multiple reports from our customers, along with threat identification in our Security Operations Center (SOC), of attackers using coronavirus-related messaging in their phishing attempts for email compromise and malware/ransomware infection.

Cyber criminals are feeding off the public’s fears and concerns by altering their content in phishing emails to appear to be trusted health organizations such as the WHO, CDC, and other governmental branches across the world. These emails are designed to exploit our human desire to get more information, protect ourselves and our families, and stay up to date on the coronavirus pandemic. Unfortunately, many of these emails are well crafted, and many of your employees could fall victim to these attacks.

Extend these threats into a time when many companies and organizations have a significantly increased remote workforce, with unknown, untested, or simply non-existent security controls in place, and you have a recipe for disaster.

But all is not lost! You can stop these kinds of attacks from doing damage in your organization.

Education and communication are key

Communicate with your employees, your management staff, and your IT staff or partners. Discuss how they are working to not only prevent these attacks at a technical level, but at a training and social level. Reinforce the message of “look before you click” and “see something, say something.” Remind your employees to be extra careful during this period of time, and to take excessive precautions on how they are performing their job functions remotely.

Communicate with your partners, business associates, and vendors. Make sure they understand that your organization must have increased scrutiny over documents, links, and other items that are sent over email. Know your contacts’ phone numbers so that if something looks a bit off, you can call them directly. It’s a 5-minute phone call to ensure the safety of your company, and it builds rapport with your contacts. (Sometimes a quick “How ya doing?” can go a long way, especially when many of us are working from home with little social interaction!)

And last of all, use existing resources to help. SANS has a great “Work from Home Security Awareness Kit” available for free online. Check it out and apply some of the best practices with your employees.

Ready to talk about your business’ cybersecurity efforts? We’re here to help put you on the right path. Contact us today.