Now that many businesses are operating remotely and society is online more than ever, cybersecurity threats are rising amidst the Covid-19 pandemic. With our work and personal lives always online, cyber threats are some of the most real threats we face. The World Health Organization has even seen the impact of cybercrimes during the pandemic and has published information on how to watch out for COVID-19-themed phishing scams. From an increase in phishing attacks to higher payments for ransomware, it’s more important than ever to protect your business against cybercrimes.
The Covid-19 outbreak has distracted us and has us working and living in a way that we aren’t used to. With a lot of companies scrambling to set up VPNs to allow for remote work, cyber criminals have adjusted their approach, going after more vulnerable remote connections that are not fully secure. Cybersecurity threats are rising amidst Covid-19 and are reshaping how we need to prevent them.
Awareness Against Increase in Phishing Attacks
Since the novel Coronavirus swept the globe, there has been an increase in phishing attempts against both business and personal email accounts. With more employees working remotely, it is crucial to have email protection and to use email encryption when sending sensitive information such as financial and employee information.
Many businesses and individuals are being targeted via phishing emails impersonating financial institutions such as banks and credit card companies. These email scams typically offer deferred payment options or emergency loan eligibility. They ask the user to click a link, which takes them to a page asking them to enter their username and password to gain access.
There are a few clear indicators to keep in mind to help identify phishing attempts. User training and awareness on identifying phishing attempts is the key first step to help prevent them. Some quick checkpoints of basic things to look for are:
Requests for Personal Information – Any COVID-19 email requesting sensitive information such as account numbers or login information is a scam. Financial institutions and government agencies will not request confidential information via email.
- Are they asking for personal information or for you to log in to your account? Don’t provide sensitive information through email. Go directly to your account rather than through the page.
Review Email Addresses and Links – Be sure to review the sender’s email to determine if it is legitimate. Also, check all links by hovering your pointer over the link until it displays the target URL.
- Check – make sure the email address is correct (for example, firstname.lastname@example.org). Check the company following the “@” symbol. Anything other than @compudata.com, such as @compu-data.com or @compudata.info, wouldn’t be someone from CompuData.
Spelling, Grammar & Link – Keep an eye on spelling and grammar mistakes, as they are often an indication of a phishing scam.
- Check: Is the sender’s name spelled correctly? Is the link pointing where it says it is? Or can you go to the known sender directly to ensure it’s from them?
Urgency and “Act Now” – Phishing attempts often try to create a sense of urgency and immediate action. Avoid emails that try to get you to “Act Now,” as they are often scams.
- Do you feel under pressure? If so, this is often a trap from scammers to get people to act right away before they have time to process.
If you see a scam, report it to your IT department or IT provider. If you are unsure, they can help identify whether it is actually a phishing attempt, and they can make other users in your company aware of the scam as soon as possible. With the increase in phishing attacks, it’s better to take extra precautions.
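The sender-domain, link and urgency checks from the list above can also be automated as a first-pass triage step. The following is an added example, not code from the original article; the function names, the phrase lists and the sample message are assumptions constructed for illustration, and it expects a single-part message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "compudata.com"  # the legitimate domain named in the article
PHRASES = {  # assumed phrase lists, for illustration only
    "urgency": re.compile(r"\b(act now|immediately|urgent)\b", re.I),
    "credential-request": re.compile(r"\b(username|password|account number)\b", re.I),
}
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host_of(url):  # hostname of a URL or bare "host/path", lower-cased, minus "www."
    parsed = urlparse(url if "//" in url else "//" + url)
    return (parsed.hostname or "").lower().removeprefix("www.")

def check_email(raw):  # returns (code, detail) findings for one single-part message
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender != TRUSTED_DOMAIN and not sender.endswith("." + TRUSTED_DOMAIN):
        findings.append(("sender-domain", sender))
    body, collector = msg.get_payload(), LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:
        # "Is the link pointing where it says it is?"
        if URL_LIKE.fullmatch(shown) and host_of(shown) != host_of(href):
            findings.append(("link-mismatch", f"{host_of(shown)} -> {host_of(href)}"))
    for code, pattern in PHRASES.items():
        if m := pattern.search(f"{msg.get('Subject', '')}\n{body}"):
            findings.append((code, m.group(0)))
    return findings

# Constructed sample using the lookalike domains from the article.
SAMPLE = ('From: "CompuData Billing" <billing@compu-data.com>\nSubject: Act now\n\n'
          '<a href="http://compudata.info/login">www.compudata.com/login</a> needs your password')
```

Calling `check_email(SAMPLE)` returns one finding per indicator; a message with no findings is not proof of legitimacy, so unsure users should still report it.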
Preventative Measures for More Advanced Ransomware
Ransomware attackers are more sophisticated than ever. In some cases the malicious actor will demand payment, and if you don’t pay them, they will expose your data. This is not only costly for businesses, but the downtime adds hidden costs.
Previously, ransomware criminals would hold a company’s data until the ransom was paid. The overall impact could be mitigated by having strong backups, which would also reduce downtime. However, some ransomware criminals are now off-siting data: not only are they holding your data in one location until you pay the ransom, but they are also holding your data in another location overseas. With the sophistication of cyber crimes, businesses need preventative security measures – now more than ever.
In an article published in Forbes, “the average cost of a ransomware payment is $84,116. That’s a little over double the previous figure of $41,198 in less than a year.” The higher ransomware payment doesn’t even begin to account for remediation costs, costs lost to downtime and the priceless value of customer and employee trust. A data breach or ransomware attack can cost upwards of $1.5 million in remediation. The company will have to remediate its own IT security vulnerabilities and damages, as well as those of any customers or employees who were compromised. Take a look at the Baltimore ransomware attack. According to an article by SHRM, the hackers demanded a ransom in bitcoins worth about $76,000, but the estimated remediation expense was $18 million.
How to Better Protect Your Business Against Cybercrimes
As we redefine how we operate as businesses, we need to reassess how we protect them, especially as businesses adopt more remote work capabilities and set more and more employees up to work from home (whether occasionally or full time). Below are the first steps to take to better protect your business against cybercrimes, given the increase in phishing attacks and more sophisticated breaches with higher ransomware payments.
- Check Business Insurance – see if you have cybersecurity coverage.
- Employee Awareness Training – educate your end users, who will be the victims.
- Security Assessment – look at the preventative measures you take today and see where you can expand.