Cyber criminals have come out of the gate strong in 2020, with the first few months filled with an abundance of cyber scams––particularly ransomware and business email compromise scams. Unfortunately, the current situation with COVID-19 presents even more opportunities for cyber criminals to succeed.
Cyber criminals can take advantage of the current climate of uncertainty and rapid changes in a variety of ways. One is in the proliferation of spam emails and phishing, with individuals looking for information on COVID-19 receiving “official” emails sent by criminals with links embedded with various forms of malware. Other scams that frequently show up in this sort of chaotic environment are phony charity scams where, through social media or emails, hackers ask individuals to donate money to a fake cause.
Additionally, as more businesses implement remote working options, it opens up vulnerabilities for cyber criminals to exploit. Depending on how they’re working from home (e.g., using a personal computer to access work systems), individuals may have access to websites or emails that would normally be blocked on a work network. Working on a home network or, in some cases, a shared network can also be a source of vulnerability if the network is not protected or is protected by a weak password.
As with all aspects of cybersecurity, good communication and education are a great first lines of defense. Employers should provide specific directions on how remotely working employees can safely access work environments and leverage available technology. Ensuring that employees working from home are using protected networks with strong passwords and accessing the work environment through VPN services controlled by the employer are also important. Dual factor authentication should also be utilized to ensure that, even if an employee’s credentials are somehow compromised, the second factor would prevent a hacker from gaining access to the employer’s systems. And, of course, ongoing employee training about best practices to avoid cyber scams remains critical.
In this respect, the old standards still apply even amid all the chaos. Avoid clicking on links in emails that weren’t expected or that are generic emails from unknown sources. Carefully review email addresses to make sure they’re from legitimate sources. Verify any directives to transfer funds by telephone with appropriate individuals. If you’re working from home, treat it like you’re working in your office. Don’t visit unusual or suspect websites on work computers or while operating in work environments. And, absolutely don’t provide your credentials to anyone or on any website except in the manner specifically directed by your employer.
It’s an unfortunate reality that criminals will look to prosper in difficult situations like the COVID-19 outbreak, and this situation in particular presents many opportunities for cyber criminals to thrive. Employers need to be extra careful in providing clear direction to employees who’re not used to working remotely and need to ensure they deploy appropriate technological safeguards. Likewise, employees need to be extra vigilant at this time, not only when accessing work systems remotely but in dealing with all forms of electronic communications, whether emails, websites, or social media.
If you have any questions regarding the content in this alert, please contact Nick DiCesare, Cybersecurity Team leader, at ndicesare@barclaydamon.com or another member of the firm’s Cybersecurity Team.