COVID-19: A Time of Transition for Companies and Hackers
Miller & Martin PLLC Blog | March 27, 2020
Author: Lynsey Barron
In response to public health concerns, many employers are encouraging their workforce to telework where feasible. Such measures are critical to keeping business moving and the economy afloat, but they can also present increased risks for employers and increased opportunities for criminals.
Unsurprisingly, the reliance on remote access has opened wide the field for cyber criminals, who are always ready and eager to exploit the chaos of transition. Hackers frequently use fear tactics and take advantage of popular news topics, such as COVID-19, to bait their victims into exposing their networks and systems to criminal pilfering. One recent scam targeting Android users sent messages with a link to a purported coronavirus map. When clicked, the link downloaded malware onto the devices that allowed the criminals to spy on their victims through the devices’ microphones and cameras. Preying on a public desperate for coronavirus treatment information and the promise of hope, other common scams include phishing emails purporting to be from the Centers for Disease Control and Prevention (CDC) and other public health organizations. In less than 24 hours, criminals successfully lured 2,500 Windows PC users into exposing their devices to malware infections.
As an employer, there are ways you can limit your risk of the potential data exposure and business interruptions that accompany cyberattacks.
- First, check with your IT departments to make sure you are prepared from a cybersecurity perspective. Make sure you have an adequate detection and prevention tool, such as endpoint security software, to safeguard employee devices such as laptops, tablets, and smartphones that protect against malware and alert you to attempted attacks. Require employees to work solely through a secured Virtual Private Network (VPN) and not through a private network over which you have no control and therefore cannot protect. If you do not require multi-factor authentication for remote access, now is the time to make the investment. Consider implementing conditional access requirements, which require certain criteria to be met (such as geography requirements or even limiting access to known IP addresses) before access to your system is granted.
- Second, educate your employees about the increased risk of cyberattacks during their time of teleworking, and remind them of what they can do to stay vigilant. They should obtain information only from trusted websites and be wary of emails, links, and attachments from unknown senders. When in doubt, they should open a new browser and type in the URL contained in an email manually rather than clicking on the link embedded in the email. If employees see a suspicious email, they should not open it and instead forward it directly to the IT department. Similarly, employees should be mindful of the threat of spear phishing attacks, which are emails that appear to have been sent from a trusted source such as coworkers and supervisors but that are actually criminals in disguise. Just because an email looks to be from a trusted source, verify that the email address of the sender is in fact their known email address. Check with your IT department to make sure you have a phishing filter in place.
Remember that knowledge is power, and now is a good time to reconnect with your IT departments and employees to make sure everyone is doing their part to protect your business from exposure. Miller & Martin’s Privacy and Data Security team stands ready to help you prepare for and guard against cybersecurity risks, and to respond in the unfortunate event of a cyberattack.