Ideas to help you protect yourself and your business in the current environment.
The coronavirus has changed the way people are working and communicating across the globe. While businesses of all types adjust to rapidly shifting circumstances—and millions of employees are rising to the challenge by working from home—cyber criminals are attempting to capitalize on this situation by compromising information and stealing assets through scams.
“Cyber criminals are known for exploiting unfamiliar circumstances, particularly in times of great change,” says Craig Froelich, Chief Information Security Officer for Bank of America. “By acting quickly and knowing what to look for, businesses around the world can identify and eliminate coronavirus-related scams as we work to protect what matters most.”
“Cyber criminals are known for exploiting unfamiliar circumstances, particularly in times of great change. By acting quickly and knowing what to look for, businesses around the world can identify and eliminate coronavirus-related scams.”—Craig Froelich, Chief Information Security Officer, Bank of America
Recent cyber crime attempts include:
- A downloadable app for tracking coronavirus cases, which resembles maps created by legitimate public health institutions but contains malware that can infect or freeze devices
- Phishing scams in which fraudulent emails that appear to come from the World Health Organization, the Centers for Disease Control or charitable organizations request personal information or urge recipients to click on malware-infected links.
- Robocalls offering coronavirus treatments or assistance with government stimulus payments, in which personal information is requested.
Despite these concerns, there are many defenses you can combine with best practices to protect your company’s data and finances.
With many of us working from home, and businesses working to adapt to the new circumstances, it helps to remember the key ways in which cyber criminals try to take advantage of companies large and small.
Phishing messages are emails that appear to originate from known or credible sources, but are in fact from cyber criminals trying to exploit disrupted work environments and gain access to business data. Embedded links also may install malware onto a device.
Vishing attempts—voice combined with phishing—come via your phone. Robocalls are a method used to scam people and businesses out of data and money. Criminals will create a sense of urgency to incite quick responses from their targets.
Employees forced to work remotely may install apps to stay current on news or to streamline work processes. They should make sure to download apps from reliable sources and make sure they do not violate company guidelines if they’re installed on work devices.
As workers and private citizens seek current information, cyber criminals also are spoofing websites that provide updated information about the coronavirus, hoping that visitors will click on embedded links.
How to proactively protect your business or employer:
When working from home, only use wireless networks that are secured and require a password. Avoid public Wi-Fi networks, and never conduct any financial or confidential work over a public Wi-Fi connection. Utilize company VPNs whenever possible.
Conduct all business matters on company approved devices, especially when working remotely.
Never trust unknown individuals. Verify any communication that claims to be “urgent,” and do not send any information to recipients you cannot confirm as legitimate.
Do not discuss confidential information around your family, and do not allow other family members to use your work devices for recreational use when working remotely. As much as is practically possible, conduct your work in a private space.
Ensure communication validation steps are followed when working remotely to ensure company information and data stays secure.
Don’t delay. Acting quickly after an incident can minimize damage to your business.
Follow your company’s protocols if you think your company device has been compromised.
Document everything about the incident. The more information you have, the better armed you’ll be to assist an investigation by your company and law enforcement officials, and the better prepared you’ll be against future incidents.
Change all passwords that may have been breached.
Contact your bank’s relationship manager to freeze transactions as soon as you can.
Disconnect your device from your company’s network if you suspect you have been the target of malware.