Vile and contemptible fail to adequately describe hackers’ actions during the recent COVID-19 outbreak. But nothing these people do should surprise anyone anymore. Among ways they’re trying to stoke and profit from the current calamity is by bombarding companies and at-home workers with coronavirus-themed email-phishing attacks.
Be advised: crooks’ deceptions have become very creative and convincing, with phony messages and appeals ranging from miracle virus cures to urgent advice from healthcare officials. Predictably, email recipients also receive irresistibly compelling offers for now-scarce items, such as protective masks, hand sanitizer and, of course, discount toilet tissue. Unfortunately, these ploys are working, which is why criminals have put their foot on the gas.
Hooked by Phishing
One recent report from cyber threat researchers at Barracuda Networks reveals a nearly 700-percent increase in COVID-themed emails from February to March, 2020 alone. Those experts classified the majority of messages as scams, one third as attempts at brand impersonation, and 11-percent as user-blackmail attacks. A report from Zscaler affirms the massive crime spike. Their data shows a 15- to 20-percent increase each month since January in overall hacking incidents; it also exposes a huge jump in hacking threats using terms such as ‘coronavirus’ and ‘COVID-19.’
5 Ways to Fight Back
Cybercrooks have decided that now, while companies are frantically adjusting to a work-from-environment (WFH), is the perfect time to strike. They’re counting on you and your at-home teams to be distracted, distressed and too preoccupied to practice security protocols. But take heart. There are things your IT team or IT Managed Services Provider (IT MSP) can do right now to keep your firm from falling victim to nefariously hyperactive crooks.
1. Preach skepticism as a safeguard. More than 90-percent of hacking attacks begin with malicious email, according to Microsoft. So, when time permits, try to beef up email security-awareness training–possibly over videoconferencing. Remind teleworkers to ALWAYS verify email senders’ identity and NEVER click on suspicious links or download questionable attachments (especially those with a .exe extension). In addition to flagging obvious virus-themed terms, warn employees to watch for subject lines trumpeting a ‘new work-from-home policy,’ or ‘new security procedures,’ and even ‘account lockout alerts.’ Wanting to do the right thing, busy, distracted people could be duped into disaster.
2. Lockdown work-from-home computers. When teleworking, staff will naturally gravitate toward using personal laptops and mobile devices. Our advice: don’t let them. Wherever possible, issue company-owned, company-secured devices, with all applications freshly and fully patched, and invisibly configured to receive automated updates. As a routine step in securing at-home equipment, verify that all network-connected computers are not using old operating systems and use an activated, up-to-date firewall.
VPN. When installed and verified by security experts like TeamLogic IT, a virtual private network (VPN) can provide an extra layer of privacy and security. In light of current events, however, there is a lot of information flying around the internet about personal and enterprise VPNs. Much, but not all of it, is fairly clear and accurate. Some is downright misleading about what VPNs can and cannot do. If you have questions about VPN technology, configurations or other considerations, give us a call and let us assist you.
2FA. Multi-factor authentication (MFA) is another prudent security precaution that’s sometimes shrouded in mystery and confusion. Especially in smaller companies with fewer employees. We provide this service extensively and are happy to help you explore it, as well.
3. Tighten up your password strategy. Remind anyone who’s working at home–executives included–that data security, including effective password management–is everyone’s responsibility. Restate and reinforce the company password policy, if you have one (and contact us if you don’t). Also, if you don’t require the use of modern-day password managers, consider speaking with us or your internal IT team to review the pros and cons. In many cases, the former outweighs the latter. But, like so many technologies today, the choice of available options can be daunting. So, it’s usually best to get an expert opinion.
4. Limit network access. You’ve probably done it recently, but if not, have your IT pros review all employees’ access rights and privileges. Make sure that people can only get to the information needed to perform their duties. Nothing more, nothing less. This single step will go a long way toward reducing risk and keeping curious teleworkers from straying off their digital path. Remember to purge credentials and identities of anyone (at any level) who has left the company. A network assessment will provide a list of currently enabled users for reference.
5. Facilitate communication. Until normal operations can resume, make sure to communicate regularly with at-home staff. This not only keeps everyone informed and on the same page, it also demonstrates leadership from you and your managers. Despite their ‘new reality,’ most employees will strive to be responsible and follow your instructions. Just be sure to give them the resources and opportunities to do so–like providing an IT help line or support desk. The show of support will ease workers’ minds, keep them productive, and ultimately, reduce your company’s security risks during these tumultuous times.
Get Help. Call Today.
Opportunistic crooks expect you’ll let your guard down. But now is exactly the time to remain alert, proactive and vigilant against attack. Since the coronavirus outbreak, TeamLogic IT has fielded thousands of calls from small- and medium-sized business owners asking for advice and information about a wide range of topics and services, including: Cybersecurity, Videoconferencing; Business continuity; Data backup and Disaster recovery. We are here to help. Find a TeamLogic IT location nearest you and contact us today.