Companies need to take precautions to ensure their employees, customers and brand reputations are safe and secure.

This week, VMware released the results of its first cybersecurity threat survey. Ninety-two percent of survey respondents in the U.S. said the number of cyberattacks had increased in the last 12 months. A supplemental survey specifically found that a staggering 89 percent had been targeted by malware directly related to COVID-19.

Much of what we’re seeing is driven by the unprecedented times we find ourselves in. At the end of last month, it was estimated that around 42 percent of the U.S. population was working from home. According to a recent survey from IBM, however, many companies are still struggling with how to cope with this new reality. New information security policies, including those covering personal device usage, password guidelines and mandatory companywide training, have yet to be drafted and implemented.

Now more than ever, it’s imperative that companies take the necessary precautions to ensure their employees, customers and brand reputations are safe and secure.

Same Tricks, New Twist

Phishing: 

  • Email – Throughout the pandemic, cybercriminals have been playing on the uncertainty of the moment and people’s fears. Consequently, they’ve begun altering the content of their phishing emails so that the messages appear to come from trusted health organizations such as WHO, CDC and other governmental branches across the world. These emails are designed to exploit our human desire to get more information, protect ourselves and our families, and stay up to date on the coronavirus pandemic. Unfortunately, many of these emails are well crafted, and you could easily fall victim to these attacks.

Scams:

  • Tracing – You’ve probably heard about contact tracing. It’s the process of identifying people who have come in contact with someone who has tested positive for COVID-19. Contact tracers are usually hired by a state’s department of public health. People who had contact with someone infected with COVID-19 may first get a text message from the health department, telling them they’ll get a call from a specific number. At the end of the call, some states ask if the contact would like to enroll in a text message program, which sends daily health and safety reminders until the 14-day quarantine ends. But tracers won’t ask you for money or information like your Social Security, bank account, or credit card number. Anyone who does is a scammer.
  • Fraud and Phone Spoofing – Americans contributed nearly $450 billion to charity in 2019. Unfortunately, that generosity attracts a scam known as charity fraud, which capitalizes on a donor’s goodwill and often targets the elderly. This type of fraud may arrive via a phishing email, via a phone call (known as vishing), or even from a spoofed phone number that appears local or familiar to you.
  • Malware – Hackers continue to elevate their malware game and are now tricking victims using one of the most reliable online tools for information about the pandemic. For example, hackers have essentially made a copy of the “Johns Hopkins University Live Coronavirus Map” and are using it to spread malware.
    Whoever posted the malicious downloadable app is attempting to take advantage of the strong public interest concerning the Coronavirus. The attack depends on the user installing the app on their local Windows system, either after downloading the app executable or after receiving it by email. Once downloaded and installed, it deploys malware called AZORult, which is designed to steal credentials in the background (among other activities). Bottom line: if you come across someone offering a Coronavirus dashboard where you need to download software to view it, don’t use it!

These are just a few examples of the common infiltration attempts PDI and other companies have been seeing.

But what do you do about it?

Information Security During COVID-19

Educate your employees – Every year, we send our employees through mandatory information security training. Here are some tips and tricks you can pass along to your employees as well:

  • Cloud services – Don’t put company information on unapproved cloud services. New, third-party apps may bring risk of data leakage. So, if you have questions, be sure to clear it with the right internal resources.
  • Ransomware – If you receive a ransomware notice, don’t pay it. Report the breach to your security department. Ensure you have regular backups, and don’t click on unknown links in the first place.
  • Phishing and vishing – Beware of unexpected emails or phone calls requesting urgent action. Verify that unusual requests are genuine, and do not give your login details over the phone or email.
  • Passwords and MFA – Encourage users to use unique and complex passwords for each account, promote the use of password managers, such as LastPass, and require multi-factor authentication (MFA) wherever possible.
  • Report concerns to the IT department – Help stop events from becoming incidents by reporting them right away. Report suspicious phone calls, emails or strange behavior. And don’t assume security is already aware of an incident. If you spot something, let them know.

Move to managed cloud hosting – Much like social distancing and masks are the recommended best practices for minimizing your risk of contracting COVID-19, distancing your critical infrastructure from your employees and wrapping it in managed cloud hosting and security monitoring minimizes your risk of a data breach. This is particularly true for organizations with limited IT resources. In addition to predicting critical system errors, providers who offer managed hosting often include monitoring services in the agreement that help companies guard against the kinds of attacks we’ve discussed in this blog. To find out more, here’s an announcement about one PDI customer who recently moved to PDI Hosting Services.

Securing your employees’ and customers’ data has never been more important. The best defense is a good offense, so before a breach occurs, make sure you’re taking the appropriate steps to minimize your vulnerabilities and protect your business.
