Cybercriminals in the Age of COVID-19: Preying on Distraction & Distress

Whether this event has helped or harmed your company, one thing is for certain: it has taken up most of our attention and energy these past few weeks. This diversion of attention is what cybercriminals are counting on to execute successful attacks.

Behavior & Thought Deviation Are Key to Successful Attacks

Over the past few weeks, millions of companies have been forced to quickly pivot to distributed work environments to meet the social distancing standards recommended by political and healthcare officials. The rapid and urgent nature of this shift has resulted in many employees cutting corners on company cybersecurity protocol in favor of efficiency and expediency. We’ve been hearing stories from every industry about employees skirting, or even blatantly ignoring, standard security procedures and rules in their need to “work from home” while still having access to the files and data they need to do their job. A distressed or distracted employee may engage in the following risky or dangerous behaviors in their attempt to quickly transition to working outside the office:

• Transferring sensitive or confidential data from their work computer to a thumb drive to take home, then uploading that data to an unsecure device or file repository
• Changing passwords to simple, easy to remember combinations
• Failing to establish secure/private connections to corporate networks
• Delaying patches and update installations on devices in their home network
• Not exercising appropriate caution when replying, clicking links, or opening documents within emails

This last bullet point is especially pertinent. Since the end up February, coronavirus-related email attacks have shot up 667%. Some of the more widely-seen phishing emails may claim to be related to charitable contributions or general financial relief, airline carrier refunds, fake cures and vaccines, and fake testing kits. The FBI also warns of fake CDC emails claiming to offer information on the virus. Scammers are leveraging malicious links in these fake emails to deliver malware to your computer so they can steal personal information or lock your computer and demand payment via ransomware.

Cyber-criminals are preying on the fact that people are feeling distracted, distressed, or anxious during this pandemic event, and as a result, may not use their best judgment with regards to cybersecurity best practices.

What Can You Do to Protect Yourself and Your Organization?

While cybercrime is on the rise, similar precautions for cybersecurity that existed before the pandemic still apply. Here’s how you can protect yourself and your organization during this time of increased risk:

1. Be wary of emails asking for any kind of confidential information or data. Double check the sender address for misspellings or invalid domains. Brand impersonation has been quite prevalent in coronavirus-related attacks. If you are suspicious of an email, don’t hit reply – instead, compose a brand-new email to the sender and confirm their request. Better yet – call the person directly to confirm.
2. Be on the lookout for emails from organizations you don’t normally communicate with. A lot of businesses have been sending out legitimate emails to notify their customers about the changes COVID-19 has wrought and how they are preparing. If you receive an email from a source that you know you haven’t subscribed to, it’s best to just delete it.
3. Install patches and anti-virus software to devices on your home network ASAP. By failing to do so, you could be leaving the gate open to cyber criminals attempting to steal sensitive company data you’re now working with from home. If you do not have a solid patch-management solution in place for your company, Envision’s Ground Control Managed Services team can help.
4. Ensure the tools that you are using to power communication and collaboration amongst your Distributed Workforce is secure. A security audit of your current workforce now that they are distributed across a number of locations and using a variety of endpoints and tools may be necessary to identify the security holes that were left open in your company’s reactive approach to COVID-19.
5. Train your people! Now is the perfect time to remind your team that even though working conditions have changed, the company’s commitment to security has not. Schedule remote training sessions on cybersecurity and make sure that the content has been updated to reflect current conditions. If you are not sure how to get started on this training, Envision’s training team can help there as well.

We Can Help

Are you concerned about the cybersecurity risk COVID-19 poses to your organization and its people? We can help your organization move away from the reactive approach COVID-19 has forced on many companies to a proactive strategy to best support your business and its people for the future. Contact our team today to get started.