COVID-19 Cyber Attack Awareness for Businesses
From the moment the coronavirus COVID-19 outbreak hit Canadian soil there have been numerous reports of phishing schemes gone rampant. Emails along with voice and SMS messages are arriving in hoards, purporting to offer individuals and households financial relief during this trying time. But malicious campaigns are by no means isolated to the general public, as small to medium businesses (SMBs) and enterprises (SMEs) are becoming primary targets.
Sure, hacking groups have pledged to leave healthcare providers alone (for now) but don’t let this supposed act of altruism cloud your judgement. It is an absolute certainty that they will shift all focus to other industries, including yours. Auditing vulnerabilities to cyber crime are a critical part of your corporate risk assessment through all 365 days of the year. But in light of recent events you need to be more mindful because attacks are evolving to take advantage of the state of disruption. Here is what you need to watch out for, starting today.
Cyber Threats SMBs / SMEs Need to Protect Against Amidst the COVID-19 Pandemic
Highly Targeted Corporate Phishing Schemes
Business and organizations across the country have been disrupted and are in reaction mode with status quo being flung out of the window. Phishing schemes thrive in this environment. Hackers have done their homework on your corporate hierarchy and have gobbled up near-match domains to mimic company email addresses. They will be firing off phishing emails to your staff, stakeholders, and even suppliers to request immediate fund transfers and/or sensitive information. They know that access-level people within your organization are in panic mode, and will be less likely to vet the validity of an email request, especially when it is tagged as being urgent in light of the current health (and economic) crisis.
Effective immediately, you need to lockdown your digital communications protocol. The following is a high-priorly list of what you need to institute:
- Have IT adjust email security settings and if necessary, switch to a more secure cloud-based email provider (i.e. MS Outlook)
- Have IT tighten hardware/computer security
- Employ multi-factor authentication (MFA) for all devices (including BYOD) and business applications
- Educate employees and stakeholders on email security best practices, with a dedicated tutorial on phishing prevention
If any of the above sounds like a daunting task, you may request immediate outside IT support to perform an audit of your communications systems. Contact SAV Technology right away.
Campaigns Against Vulnerable “Work From Home” Staff
Nearly every company from BC to Newfoundland has moved their workforce from the office to home. While this may protect personnel from the current health concern, it makes them and your company vulnerable to a whole other threat.
Work-from-home staff will be using less secure WiFi networks. In addition, they may not be using company secured hardware (desktops, laptops, and tablets, etc.) as they instead use their own devices to perform required duties. In addition, they will be more active on social networks during “work hours” without superiors around to monitor activity, which presents another online gateway for cybercriminals. All of this presents an unprecedented level of risk. Cyber criminals will enjoy a greater success rate when it comes delivering malware and phishing schemes to those working away from the corporate environment.
If viable, have your IT personnel assist in setting up and securing at-home workstations for your staff until they can return to the office. However, you still need to mitigate cyber risk by mandating the following work-from-home etiquette:
- Transition and backup all digital productivity tools to a secure cloud server
- Require employees to work from a secure home WiFi network as opposed to a coffee shop or other public space
- Institute the use of multi-factor authentication (MFA) for employees who need to sign into applications from both company-provided and BYOD (as permitted) devices
- Prohibit non-business social networking on laptops/devices that have been lent out by your company
- Enforce your new email security protocol (as per item #1)
For over a decade SAV Technology has been securing and supporting the IT infrastructure for SMBs and SMEs across the Lower Mainland of BC. We want you to know that we’re not going anywhere. Whether a current or future client we are at your side through the current COVID-19 crisis and beyond. Don’t let another day pass without better IT support. Contact us today to start with a friendly conversation.