As organizations struggle to cope with the intense pressures of the COVID-19 outbreak, many of them are finding that their cybersecurity policies are in desperate need of an update. Whether it’s transitioning to a partially or fully remote workforce or delivering more essential services online, companies are becoming more dependent upon the internet than ever before to keep their businesses up and running. This has created an opportunity for cyber scams to exploit unsuspecting employees and lax cybersecurity policies.
What Are COVID-19 Cyber Scams?
Cyber criminals have long been capitalizing on major news events to launch a variety of scams targeting unsuspecting internet users. Linking scams to ongoing events provides schemes just enough plausibility that people might react to them and not exhibit the same degree of caution they might have under ordinary circumstances.
For instance, most people will raise an eyebrow at an email sent by someone claiming to be royalty from an obscure country who just needs a few thousand dollars to get home (and will repay you tenfold upon their return!), but an urgent plea from a charity asking for donations to deal with an ongoing crisis is much more likely to get a response.
Some of the earliest COVID-19 cyber scams showed up in Japan around the end of 2019. These scams took the form of phishing emails disguised as official public health announcements. With so much concern at that time about coronavirus spreading from China, such a message didn’t look out of place and likely convinced many people to click on the provided link or download attachments. Unfortunately, the email didn’t contain any useful information; instead, it downloaded the Emotet ransomware virus onto the user’s device.
Since those earliest cybersecurity attacks, there have been numerous additional scams spreading around the world just as quickly as the COVID-19 virus itself. From emails disguised as public health announcements to websites claiming to be charitable efforts to purchase medical equipment, cyber criminals have been quite creative in developing ways to tie their scamming techniques into the current crisis.
The purpose of all of these strategies, of course, is to obtain sensitive (and valuable) data. In most cases, this means financial data or personal information that could be sold or used in a variety of fraud schemes.
How Organizations Can Avoid COVID-19 Cyber Scams
Given the tremendous risks associated with data security breaches and ransomware, organizations need to take steps to shore up their network security. While educating employees is one of the most important ways to guard against cyber scams (more on that in a moment), there are many security measures that can be implemented to ensure business continuity even if someone is taken in by a scam. With increasing numbers of employees working from home and introducing new data security risks, it’s more important than ever for companies to be proactive when it comes to COVID-19 cybersecurity.
Here are a few risk mitigation steps organizations can take when it comes to their remote workforce:
- Secure connections for remote employees with zero-trust network access (ZTNA) or a virtual private network (VPN).
- Monitor networks continuously to identify abnormal activity.
- Manage and configure firewalls for improved depth of defense.
- Reassess disaster recovery and business continuity plans to account for a distributed workforce and a COVID-19 environment.
- Implement multi-factor authentication whenever possible.
4 Employee Tips for Avoiding COVID-19 Cyber Scams
Cyber scams are particularly effective due to the fact that they target individuals rather than organizations as a whole. Even a company with a strong cybersecurity posture can be vulnerable if someone in the organization unknowingly falls victim to a cyber scam that introduces malware into a network-connected device.
Fortunately, there are some simple, easy to apply tips that can help employees avoid COVID-19 cyber scams:
1. Avoid Links and Attachments in Unsolicited Emails
Most scams use the same tactics employed by marketers to convince users to take a specific action, usually clicking on a link that takes them to a malicious website or downloading an attachment infected with malware. Modern email servers screen out the majority of these messages, but a few of them will likely find ways to slip through.
Employees can prevent these emails from causing any damage by treating any unsolicited message as a potential threat. Reputable organizations generally do not send emails without first obtaining consent from the recipient, so if an unsolicited message shows up in an employee’s inbox, the chances are good it’s a cyber scam of some kind.
2. Scrutinize Anything Out of the Ordinary
Some scams are easy to spot with a little scrutiny. An email asking for donations to an obscure COVID-19 relief charity that is riddled with spelling and grammatical errors is unlikely to be legitimate (and, as previously mentioned, a reputable charity wouldn’t be cold emailing people anyway).
But what about an email from a company or senior executive requesting an information update to comply with new COVID-19 policies? Here, context is important. Even if an email looks legitimate, if it’s asking someone to take any action that the supposed sender has never requested before, something is very likely amiss. And if the CEO of an employee’s company has never contacted them directly, it’s worth scrutinizing the message a little more closely. Was it sent from an official company email, or did it come from a generic-looking address with a profile image snagged from the company website? Asking these simple questions before taking any action makes people much more likely to avoid falling for a scam.
3. Withhold Personal and Financial Information
The end goal of most cyber scams is to obtain personal or financial information from the victim. This could include bank accounts, credit card numbers, social security numbers, or passwords to otherwise secure systems. Every organization’s cybersecurity awareness program should begin and end with a reminder that employees should never, under any circumstances, provide this information to an unknown source. While there may be many situations where people do have to enter this data, that process always takes place behind multiple walls of security in order to meet leading compliance guidelines.
4. Verify Charities and Monitor the Latest Scams
The Federal Trade Commission (FTC) maintains a list of known charity scams that can help people to verify the authenticity of an organization they’re considering making a donation to. While it’s understandable that many people want to provide financial assistance to others during the COVID-19 crisis, they should make sure that the organization they’re working with is legitimate and will follow through on its promises. For other scams, such as phishing emails or social engineering schemes, the Cybersecurity and Infrastructure Security Agency (CISA) maintains a page dedicated to the latest developments in COVID-19 risk mitigation and management.
Combat COVID-19 Cyber Scams with a Trusted Partner
Partnering with an experienced managed cybersecurity service provider can provide organizations with the tools they need to protect their employees and essential systems from the latest cyber scams.
At Compuquip Cybersecurity, our team of cybersecurity experts works as an extension of your IT department to identify potential risks, shore up vulnerabilities, and manage ongoing threats. As a fully remote company, we understand the unique challenges of implementing and managing a remote workforce, which allows us to provide outstanding service and guidance as organizations transition to remote environments in response to COVID-19.
Contact our team today to find out how we can help keep your business secure under any conditions.
