Cybersecurity has always been an important issue for businesses. COVID-19 has only created more opportunities for cybercriminals to attack; they’re taking advantage of the global health pandemic to scam the unsuspecting. We want you to be aware, so you can educate your employees and best protect your business.
Email remains the number-one means of cyberattack. Cybercriminals are increasingly sophisticated and always motivated. Today, companies from any industry of any size can face a targeted threat.
Whether it’s a phishing attack or a malicious attachment, these bad actors prey on human nature. They’ll target your staff’s heightened fear and desire to help or tap into the near-Pavlovian response to urgency or a “steal of a deal.” Right now, they’re looking to benefit from worldwide anxiety about the coronavirus pandemic. While businesses grapple with remote work processes, cybercriminals find new weaknesses.
We want to discuss the known cybersecurity threats related to COVID-19, how to educate employees, and ways to protect business email communications.
COVID-19 Scams Out There
Cybercriminals are nimble crooks who capitalize on current events. As soon as there is a fresh news story or angle for their attacks, they adapt quickly. Right now, they’re taking advantage of the coronavirus. As businesses change the way they work, bad actors see an opportunity to find new entry points. They’ll try any means to phish for sensitive data, breach systems or deliver malware.
- Scams aren’t new; it’s a matter of how they’re packaged. In the past, a Nigerian prince wanted to send you millions. Now, many governments are giving out money in the form of economic stimulus payments. The scammers leaped right in. Scam emails ask for bank information to pay relief funds directly, or the emails request other personal data you don’t want to reveal to a criminal.
- Fake bank, telephone or insurance company phishing emails are another problem. These ask for personal and financial information, lure the user into opening malicious links or attachments, or seek remote access to the user’s device. Emails impersonating healthcare organizations are also common. The CDC, WHO and other healthcare organizations aren’t reaching out directly.
- Downloading a “Safety Measures” pdf or the like could introduce malware or take an employee to a malicious site. A fake virus tracking app is set up to deliver malware. The “COVID19 Tracker” app infects a device and demands $250 in Bitcoin. Emails offering fake news about someone infected in the area are another tactic. Sometimes, cybercrooks target a business with a communication saying there’s a shipping problem caused by COVID. Saying a package is held up, the email encourages clicking on a malicious file or link to remedy the problem.
- Hackers are even gaining access to email addresses or relying on tricks to fool the busy reader into thinking the message is from within their own company. Then, they send links or attachments promising to outline company coronavirus policies. Additionally, since more employees are working from home, spammers are sending fake messages saying their email password has expired or is compromised. Often, these will ask the user to log in to view the necessary documentation or to update their account. If the user doesn’t question the communication, bad actors capture employee access information.
People are the foundation of your business success. At the same time, they can also represent a real security threat. According to Experian, only 45% of companies have mandatory cybersecurity training. Yet your staff needs to understand the many ways in which they can put your business at risk. IT can’t be the only team making cybersecurity a priority.
Educate yourself and your company about potential cybersecurity issues:
- Use caution and question the source of any communication with links or attachments. Hovering over URLs can show where the link leads. Clicking on the name of the person who sent a message should reveal the true email address that the message was sent from. Grammatical and spelling errors are often a red flag, too.
- Remember to always install the latest malware, antivirus protections and security patches on all applicable computers and devices.
- A stolen laptop or someone accessing an on-site computer can easily lead to a breach of private company data.
- Report suspicious emails, communications and potential compromises as soon as possible.
Email Protection from WebDrafter
Even after you’ve taken the above advice to educate employees, there are still risks. Some of these emails are very convincing. People are busy, working fast, tired and overly trusting. Additionally, these particular scams are targeting our preoccupation and fears around the coronavirus.
At Webdrafter, we host the email for many businesses, and our email servers are manually configured to protect you against the most common attacks. We have filters in place to prevent spam and unwanted content. However, these filters may need to be adjusted from time to time. If you notice more spam in your inboxes than usual, let us know. We can create a custom-tailored filter based on your messages to remove most (if not all) spam, while minimizing the risk of having legitimate emails sent to your junk box.
If you would like more information on cybersecurity and email hosting, feel free to contact us.