The Coronavirus disease has not stopped cybercriminals from engaging in cyber scams. Criminals have unceasingly sent emails with malicious attachments or links to fraudulent websites with the intent of tricking individuals, small and medium enterprises, and large organizations into revealing sensitive information or donating to fake charities and causes.
Moreover, remote work arrangements have increased the use of virtual private networks (VPNs), which are vulnerable to malicious cyber attacks.
It’s best to be vigilant of these cybersecurity threats, which include:
Phishing. Criminals use Coronavirus or COVID-19 as a lure. In an example, an email will be sent to persuade the recipient into clicking a link or downloading an app that leads to a phishing website, which then tries to gather valuable data such as user credentials and credit card information.
To look legitimate, phishing emails will appear to come from a trustworthy source, such as the organization’s human resources department or an institution such as the World Health Organization.
Be on the lookout for email subjects such as 2020 Coronavirus Updates, Coronavirus Updates,
2019-nCov: New confirmed cases in your City, and 2019-nCov: Coronavirus outbreak in your city (Emergency).
Some phishing attempts have been carried out through text messages, with financial incentives as the lure.
Malware deployment. In some cases, an email is sent to persuade a recipient to open an attachment or download a file from a linked website. Malware is then executed, which compromises the recipient’s device.
Attacks on remote working infrastructure. The rise of remote working has led to an increased usage of VPNs, Microsoft’s Remote Desktop Protocols, and communications platforms such as Zoom. Cybercriminals exploit known system vulnerabilities to launch phishing attacks.
Mitigating cybersecurity risks
Mitigating these risks start with on a user’s ability to identify phishing emails. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued guidelines to help spot a phishing email:
- Is the sender claiming to be a bank, doctor, lawyer or a government agency? Phishing emails invoke authority to gain a recipient’s trust.
- Is there a sense of urgency? Are you given a limited time to respond? These emails often mention consequences should the recipient fail to do what is asked.
- Does the message spark fear or curiosity? Appeals to emotion could convince recipients to click and find out more.
- Is the message offering something exclusive or in limited quantities? Fear of missing out could prompt recipients to take action.
Organizations need not wait for extraordinary circumstances to reinforce their defenses against these attacks. Aside from helping users identify and report these phishing emails, all incidents must be resolved as soon as possible.
As for communication platforms, online meetings should always be set to private. Require a meeting password or utilize the waiting room feature to screen and admit participants. Meeting links must be shared with specific people only and not on publicly available social media posts, for example. Screensharing options should be limited to the meeting host. Businesses must also ensure that all users have updated versions of remote access/meeting applications and that remote work policies adhere to information and physical security requirements.
ImageQuest’s cybersecurity training sessions help keep employees in Nashville, TN, Louisville, KY, and Bowling Green, KY, up-to-date with current industry best practices. Our IT security services also include:
- Security Assessment. Current capabilities are evaluated and a cybersecurity plan is recommended based on the company’s needs and budget.
- Managed Detection and Response. ImageQuest monitors networks 24/7, analyzes anomalies, and rapidly responds to security incidents.
- User Access Control. Systems are protected from malicious software.
- Vendor Security Review. ImageQuest conducts a risk assessment of a vendor’s product or service and assists with security measures as part of a Vendor Management service.
Founded in 2007, ImageQuest LLC offers managed IT services for companies in Nashville, TN; Louisville, KY; and Bowling Green, KY. Technology solutions include consulting, infrastructure, data compliance, cybersecurity services, and regulatory IT audit assistance. For more information, contact ImageQuest at 888.979.2679.