Millions of employees may be out of work due to the COVID-19 pandemic but that doesn’t mean hackers are out of a job. In fact, they are busier than ever using the COVID-19 pandemic and mandatory work from home requirements to steal personal information from individuals, businesses, and even government entities. Some of their victims from March and April alone include ExecuPharm, GoDaddy, Nintendo, Princess Cruises, Norwegian Cruise Lines, Marriot, and even the Dutch Government.
Cameron Call, an IT consulting expert in Las Vegas with Network Security Associates shares how malicious hackers sneak into your business network.
How do Hackers Leverage COVID-19?
Hackers haven’t stopped using old yet effective techniques to gain access to personal and company accounts. Unfortunately, the current pandemic has enabled them to try out new scams such as the following:
- Sending email supposedly from the WHO, with attachments that purportedly contain important health information
- Imitating government emails and claiming that person needs to provide personal information to get a stimulus check
- Sending emails offering COVID-19 testing assistance
- Impersonating DocuSign or similar programs and sending attachments that look like business documents that need to be signed.
- Re-directing Zoom account users to fake website addresses
- Tricking employees into providing information on business Zoom meetings and then hacking into these meetings
How to Stop Hackers from Gaining Access to Personal/Business Accounts
Business owners would do well to remind employees to use basic cybersecurity procedures to keep accounts safe as they work from home. Common-sense guidelines include:
- Using strong passwords
- Setting up two-factor authentication
- Never sharing usernames or passwords via social media. This point also applies to log-in credentials for online meetings.
- Automatically delete any emails claiming to come from the WHO. The organization never sends email attachments unless you’ve specifically asked for them; furthermore, it does not request personal information, conduct lotteries, offer prizes, or appeal for funding via email.
- Never respond to emails that look like they come from DocuSign if you aren’t expecting to receive documents that need your signature. When in doubt, pick up the phone and call the person who supposedly sent the file.
At the same time, company owners should take measures to increase network security to keep hackers at bay. Partnering with an IT managed service is a wise idea, as such services offer the tools and expertise needed to keep networks secure with endpoint security, encryption, real-time data back-up, etc. What’s more, many IT managed services also offer ongoing IT cybersecurity training for employees that can help them work from home without needlessly endangering your network.
It’s also wise to reconsider the use of Zoom. The popular video conferencing platform has a history of security problems that have led to hacks, breaches, and legal action against the company. Microsoft Teams offers a secure, convenient platform for virtual meetings and you can download a free version of the program even if you don’t have a Microsoft Office business account.
While business offices in some countries and states are reopening, this doesn’t mean that everything is going “back to normal”. Many people will continue to work remotely either because it’s not safe to return to the office or because their employers have found that a remote work set-up is in the company’s best interest. In any case, this means that cyberattacks related to the COVID-19 pandemic aren’t going to go away any time soon. Business owners would do well to be aware of the dangers and take measures to not only protect the company from breaches but also protect valuable information by setting up a back-up system and disaster recovery plan to keep the company running smoothly should a breach occur. Strong cybersecurity procedures reduce the odds of being targeted by hackers, enabling your company to focus on reaching its core goals.