The COVID-19 pandemic is something nobody living today has ever experienced. It’s attacked our health and done extensive damage to our economy and way of life. If that weren’t enough, cybercriminals have added insult to injury by attacking under the COVID-19 guise.
Working remotely from home has become the “new normal,” and the trend will continue. Remote work can be a big plus for both employers and employees, but it comes with added risks that must be addressed.
The pandemic has unleashed a new wave of cyberattacks, with cybercriminals doing their best to take advantage of untrained workers using new and unfamiliar remote applications. Every company, small and big, are being targeted, including the U.S. Department of Health and Human Services which sustained an attack in mid-March.
To this point, in 2020, the FTC has received over 15,000 coronavirus-related consumer complaints of fraud and scams. Seven thousand two hundred charges in the first nine days of April resulted in $7 million in damages.
In 2019 the FBI’s Internet Complaint Center (IC3) received 467,361 complaints with losses exceeding $3.5 billion. Considering the current climate and increase of cybercrimes, companies big and small need to implement some basic risk avoidance measures to survive.
The most common cyber crimes
Today cybercriminals are leveraging the Coronavirus pandemic as the cornerstone of their cybercrimes. They masquerade as trusted entities presenting important information or selling high demand products. The most commonly seen form of attacks includes:
- Phishing
- Malware Distribution
- Remote Application Attacks
The cybercriminals orchestrating these attacks are taking advantage of a concerned and anxious public. The top two actions they lure people into taking are:
- Clicking on a link or downloading an app that leads to a phishing website or downloading malware. One app claimed to provide real-time COVID-19 information. In reality, it tricked people into providing admin access to install “CovidLock” ransomware on their computer or device.
- Opening a file in an email that contains malware.
Best practices for avoiding & minimizing cybercriminal attacks
Train Your Employees
The first step to prevention is the ability to identify a potential threat. Companies should invest in training employees on what to look out for and avoid online. Basic tips include:
- Employee Education — Employees need to understand terms like phishing, spear phishing, whale phishing, and phone phishing.
- Attachment Awareness — Never open an attachment from an unknown source.
- Link Awareness — Never click on an unknown link, especially in an email from an unknown source.
- Emails from “Experts” — The CDC doesn’t send emails to the public. Any emails claiming to provide inside information on COVID-19 should be considered spam and flagged.
Cybersecurity Best Practices
Being aware of possible threats is only half the battle. Tightening up cybersecurity practices, and making it difficult for cybercriminals to breach your security system goes a long way in mitigating risk. Cybersecurity best practices include:
- Multi-factor Authentication — Make sure it’s enabled on all account logins.
- Passwords — Never reuse a password. Always use strong and unique passwords for each account.
- Anti-virus Software — Every computer should have the latest available anti-virus software with malware detection.
- Lockdown — Enable a lockdown screen and encrypt all company devices.
Cybersecurity insurance coverage
Even when you do everything right, you still may get compromised. Cybercriminals are professionals and know their way around software. Once security measures have been breached, the damages can be catastrophic. Any business under attach will need a team of cyber and legal experts to help navigate the situation. Discover more about McGowanPRO and how we can assist accounting professionals and firms.
For questions about coverage please contact Rob Ferrini at rferrini@mcgowanprofessional.com.