Coronavirus scams are everywhere.
During the evolving public health crisis surrounding COVID-19 (coronavirus), it is essential to remain vigilant in the days and weeks to come, online as well as out in the world.
It is likely you are tracking several news sources on this growing epidemic—now defined by the Centers for Disease Control (CDC) as a pandemic. While it is important to heed the CDC’s advice to wash our hands and keep social distance, we should also maintain our information and digital hygiene.
During a crisis, cyber criminals often accelerate their attempts at fraud. Misinformation spreads almost as quickly as the illness. Fake tips, false cures and unfounded conspiracies arise to take advantage of our emotions and confusion. As we search for answers, digital threats hide in the shadows for unaware victims.
Coronavirus scams can be anywhere. We must set our emotions aside and remember to think clearly about what we see and hear. Just as we should take extra care in washing our hands, we must be diligent in verifying all information is from a verifiable and trusted source.
Phishing emails and texts can appear to come from legitimate, trustworthy sources in attempts to get our information. Fraudulent relief organizations appear, soliciting our funds. Malicious websites, such as Corona-virus-maps.com, have popped up with the offer of useful information. The afore-mentioned example was discovered to contain trojan malware, distributed via infected email attachments, online ads and other social engineering methods.
Under current circumstances, even our workplaces are more vulnerable to these cyber risks. Companies are also presented with further exposure as they begin implementing social distancing solutions, such as letting staff work from home.
To that end, here are a few tips to help foster a safer experience for the workplace:
- Issue security policy guidance and rules. Annual trainings and email reminders from the IT department are not enough to keep good cyber habits top of mind for employees. A fresh reminder can go a long way to reinforce security best practices.
- Set up a VPN. A VPN system creates an encrypted tunnel that your internet traffic travels through so it can’t be seen by third parties. Setting up a virtual private network (VPN) can seem daunting but just requires a couple hours to configure and isn’t technically difficult. VPN with multi-factor authentication should be used as it is the strongest defense.
- Require encrypted and WiFi Protected Access (WPA) to secure networks. While no WiFi is totally secure, private password-protected networks are significantly more secure than public WiFi networks—especially those offered in cafes, hotels and other public places. You can always ask a business that offers public WiFi if private password protected networks are available.
- Password-Protect devices used by employees and third parties. Require employees to use strong passwords that contain letters, numbers and special characters. Avoid using the same password on multiple devices/accounts.
- Maintain anti-virus and anti-malware Software Remind employees to install and regularly update adequate security software on all electronic devices they use to perform work remotely. That can be a phone, tablet, laptop, etc. Some employers are eliminating BYOD options and mandating that employees use only employer-supplied equipment and devices.
- Power Down Encourage employees to power down computers when not in use. Powered off, computers are not accessible or susceptible to attacks or intrusions from the internet.
- Back Up Data. Regularly backup sensitive information and, depending on the importance of the data, make sure it is encrypted. Secure backups are the best strategy to prevent critical business disruptions in case of a ransomware attack.