Feeling overwhelmed by the COVID-19 coronavirus outbreak? We don’t blame you. Between all of the cancellations, the tumultuous market, and the constant barrage of headlines and news, it’s been a lot. And not to add another thing to worry about, but there is a lesser-discussed threat to your business security that needs to be addressed.
As COVID-19 continues its spread around the world, impacting global economies and stock markets, cybercriminals are starting to use the situation to their advantage. Preying on basic human weakness, they are counting on fear and panic to make us do dumb things – like visiting sites and links we normally wouldn’t trust. And with more businesses moving to remote workforces, your security will be tested in new ways, leaving some organizations vulnerable to cyberattacks.
COVID-19 Cyber Threats
To date, more than 4,000 COVID-19 coronavirus websites have been identified on the Internet, a fair percentage of which are not “friendly.” There have also been a number of new “coronavirus themed” phishing campaigns popping up.
Often, these phishing emails include malicious links directing users to websites that ask them to enter personal information or login credentials. That information is then used to obtain unauthorized access to your computer and systems. If an attachment is included, it often contains a link back to a credential-harvesting website or embedded code that will attempt to install malware on the victim’s system. Some cybercriminals are even targeting smartphones, releasing applications that purport to provide “real-time updates” for this global emergency while actually compromising the user’s phone and data.
What You Can Do to Secure Your Business
It’s important to keep a level head during times like this and remember security basics. Cybercriminals are relying on human error and fear to help them gain access to your systems and data. But vigilance and common sense can thwart their attempts.
As a business, your team should remain aware of the threat. As a general rule of thumb, if you receive an external, unknown email containing links or attachments referring to the COVID-19 disease, do not click or open them. These messages should be deleted immediately or flagged as spam using your built-in email filter options.
With some basic education to your team on the current threats and by following some general best practices, your business can remain secure and stable. Read on for more of our team’s email safety, cybersecurity, and remote workforce tips.
Email Safety Best Practices
If followed, these tips will drastically reduce the probability that a malicious COVID-19 phishing email succeeds in your business. Educating your team on best practices is essential. Cybercriminals know your business’s weakest point is your people, and they will try to use that against you.
- Do not click links or attachments within an email unless you are certain it is coming from a trusted and reliable source, and you are expecting something from the sender.
- Verify the email address is correct. Many phishers use look-alike email addresses to fool the recipient into thinking the message is a legitimate email from someone they know or work closely with. A common trick is to add an extra letter or an “s” to the end of a domain name, or to use letters that are, at first glance, visually very similar. Even the “sharks” among us have been duped by this, so pay particular attention to the details!
- If you didn’t request the information, always call a known valid number to verify. Don’t just use the phone number listed in the email.
- If you receive an unsolicited password reset notification from a particular site, don’t click the link in the email. Rather, type or search for the website in your browser. It may also be a good idea to change your password, even if the email was invalid.
- Be aware of misspellings, poor grammar, and branding differences. Cybercriminals are becoming more mature in their attempts, but many of them are still sloppy and include very telling errors if you’re paying attention.
- Make sure your organization utilizes an email spam filtering tool, like Microsoft’s Advanced Threat Protection (ATP). This will block a majority of attempts from reaching your inbox.
- Ensure your compliance with any regulations unique to your business or industry.
- Enable 2-factor authentication on all sensitive applications/data stores.
- Run a cybersecurity audit and network assessment focused on attack surfaces and points of entry. Identify where your sensitive data is and map it against your access points, both internally and externally. Determining how hackers can “get in” and what they would have access to will help you prioritize your threat level and next steps.
- Confirm that your operating systems have the latest security products and updates, including programs that can detect breaches and threats within your network. Your firewall protection is only going to be effective when it’s running the most current version.
- Confirm that your firewall has intrusion protection and content filtering enabled.
- Geo-filter IP addresses from outside your company’s locations.
- Define your data access permissions across your organization. Establishing clear roles and enforcing restricted rights will reduce your risk of human error leading to a data breach.
- Establish password protocols, including regular refresh cycles. Encourage staff to avoid passwords comprised of proper nouns, common digit replacement techniques, or keyboard patterns. Instead, they should opt for a meaningless combination of letters and numbers for optimum security, or employ this passphrase strategy.
- Invest in industrial-strength firewall and endpoint protection, anti-malware, and antivirus programs to thoroughly establish your business’s “defense-in-depth” security strategy.
- Safeguard your sensitive data with encryption protocols.
- Educate your team. At the end of the day, your people are your greatest weakness. Human error was 2019’s top data threat, and hackers know it. Train your team on the latest social engineering tactics so they do not undermine your organizational security by absentmindedly opening a malicious email, attachment, or link.
- Determine what data you want available outside of your business walls. While cloud computing is ultra-convenient for today’s mobile workplaces, there may be information that you do not want accessible remotely.
- Reassess (or develop!) your business continuity and disaster recovery strategy.
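The address check described in the email tips above (an extra letter, a trailing “s”, or visually similar letters) can be automated against a list of domains you actually correspond with. The following is an added example, not part of the original article; the trusted domains, the confusable-character list, and the function names are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list (reserved .example names) standing in for real partners.
TRUSTED = {"mycompany.example", "partner-bank.example"}

# Small illustrative set of sequences that look alike at a glance (assumption).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]


def skeleton(domain: str) -> str:
    """Collapse visually similar characters to one canonical form."""
    for lookalike, canonical in CONFUSABLES:
        domain = domain.replace(lookalike, canonical)
    return domain


def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:   # length of the common prefix
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # one substituted character
    return a[i:] == b[i + 1:]            # one extra character in b


def classify(sender: str) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a From header."""
    domain = parseaddr(sender)[1].rpartition("@")[2].lower()
    if domain in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        if skeleton(domain) == skeleton(good):
            return f"lookalike:{good}"   # visually similar letters
        if within_one_edit(domain, good):
            return f"lookalike:{good}"   # extra, missing or changed letter
    return "unknown"


if __name__ == "__main__":
    # Constructed sample From headers.
    for header in ["HR <hr@mycompany.example>", "IT <it@rnycompany.example>",
                   "Billing <billing@mycompanys.example>", "news@unrelated.example"]:
        print(f"{header:40} {classify(header)}")
```

A “lookalike” result is a prompt for manual verification, not proof of phishing, since an unrelated legitimate domain can sit one character away from a trusted one.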
Steps to Enable a Remote Workforce
Based on the current situation regarding the COVID-19 pandemic, you may need to consider moving a portion or all of your workforce to remote work. Protecting both your people and your data are essential priorities. This may be an easier transition for some businesses than others. Depending on your current IT environment and internal systems, you may need extra guidance. That said, the tips below can help your IT team enable remote, out-of-office work for your team.
- If your business has not already, embrace the BYOD (Bring-Your-Own-Device) mentality. This allows users to utilize the devices that make the most sense for them, like a personal laptop if your business uses mainly desktop workstations. Doing this means that your applications must be accessible across devices.
- Move applications to the cloud. Your servers, email, phone systems, and business applications are all technologies that can be migrated and hosted in the cloud. Doing this means they are no longer geographically dependent, so it lends itself perfectly to a mobile workforce.
- With everyone working from remote sites, it will become even more essential to bring your team together for collaboration. Enable proper collaboration and sharing tools for easy file storage and communications. The easier information is to access, the easier it is for your team to be effective and productive while working remotely.
- That said, remote enablement can also mean opening your organization to more cyberattacks. Data security does not go out the window with cloud applications. Assess your vulnerabilities and weak points. It is best practice to engage an industry expert, like Eide Bailly, to verify your information is safe from outside or internal data threats.
Need help establishing a plan to support remote workers? As trusted advisors, we are here to help you navigate this important transformation putting your security at the forefront. With today’s business climate, peace of mind and trusted solutions can help establish calm during tumultuous times.