The scams are out there
It’s hard to believe that people will take advantage of our current situation with the outbreak of COVID-19, but it’s part of the narrative. According to the Cybersecurity and Infrastructure Security Agency (CISA), cyber criminals could take advantage of public concern surrounding COVID-19 by launching cyberattacks1. Scams began surfacing back in January2 with coronavirus phishing schemes and are on the rise3.
The CISA notes phishing attacks, or the use of email and bogus websites created to trick victims into revealing sensitive information, will be used by cybercriminals looking to take advantage of COVID-194. Nationwide found that 29% of business owners have fallen prey to phishing attacks, according to its 2019 Small Business Owner survey5.
Disinformation campaigns will also be used by cybercriminals, as COVID-19 creates an opportunity to spread fear, manipulate public conversation, influence policy development or disrupt markets6. A disinformation campaign is typically used by cybercriminals to spread false information online. For example, a cybercriminal could share content about a fake government relief package for small-business owners. If the content is clicked on or downloaded, malicious software is spread on the user’s device.
Vulnerability of alternate workplaces
As organizations explore alternative workplace options in response to COVID-19, such as working from home, the security of information technology systems may be used by criminals to create cyber threats7. Coronavirus-themed ransomware is being used to encrypt a computer’s hard drive, enabling hackers to demand payment to unlock the information and files it contains2.
We did our own research
The Nationwide 2019 Small Business Owner Survey found that remote workers are a leading cyber blind spot for small-business owners5. This same study found that only 4% of business owners have implemented all of the cybersecurity best practices and recommendations outlined by the U.S. Small Business Administration.
Follow these guidelines
We looked at the best ways for you to protect yourself and your business from cyberattacks and decided the CISA did a great job of providing advice.
Tip 1: Combat phishing attacks.
Tip 2: Guard against disinformation campaigns.
Use trusted resources, such as government websites, for up-to-date information on COVID-19; review the FTC’s blog post on coronavirus scams.
Tip 3: Use secure internet connections.
Make sure you and your employees work only from secure internet connections. When accessing any confidential or sensitive information, avoid using public Wi-Fi networks7.
Tip 4: Secure your business’s information technology systems that enable remote access7.
- Ensure your virtual private network (VPN) and other remote access systems are fully patched
- Enhance system monitoring to receive early detection and alerts on abnormal activity; implement multi-factor authentication
Tip 5: Back up your systems to combat ransomware attacks8.
Ransomware attacks are a type of malware threat that locks valuable digital assets and files until a ransom is paid to release them. You should:
- Make sure you can restore your files should a ransomware attack occur by storing files offline and if possible, off-site
- Keep several days’ versions of backups, so you can restore your files using malware-free copies
Keep in mind, while real-time backup is convenient, it won’t be effective if your files are encrypted, because the ransomware will encrypt your files on the real-time backup.