Give Your Employees An Edge Against CyberCriminals By Training Them To Identify COVID-19 Hacking Scams
During the pandemic surge, organizations scrambled to augment their remote IT infrastructure and pivot to increase work-from-home productivity. Leveraging the Cloud proved invaluable for effectively negotiating stay-at-home mandates. Unfortunately, too many outfits left themselves needlessly exposed to cybercrime.
Newly minted remote employees were unprepared for the wave of COVID-19 hacker schemes. As the saying goes, “never let a good crisis go to waste,” and hackers pounced on untrained workers. Many decision-makers plan to keep some, if not all, of their current remote workers offsite and out of harm’s way. But to keep digital assets safe from the criminal intent of hackers, it’s crucial to deliver ongoing cybersecurity awareness training.
The Threat of COVID-19 Hacking Scams Remains Critical
Although states are reopening economies, it’s critical to adopt a sense of cybersecurity vigilance. Cybercriminals have yet to slow their efforts, and many people are expected to continue working from home into the fall and, perhaps, permanently. A recent Forbes article considers ongoing COVID-19 schemes and why they pose a heightened risk going forward.
“I have friends who are on an old home computer, their kids are doing homework, they’re running businesses, they’re filing taxes, and that’s an exposure point. (Hackers) are sending out a 300 percent increase in phishing emails about COVID-19 because they know that people are so petrified,” former CIA hacker Eric Cole reportedly said. “In our analysis over the last three weeks, 71 percent of all emails that you receive that say COVID-19 or corona are actually malware or attacks. Less than 30 percent are legitimate. So, you need to be so careful.”
Prevalent Tactics Used By Cybercriminals
During times of crisis, digital thieves tend to leverage human emotions to get people to make a critical misstep. The most used delivery systems for malware, spyware, and ransomware, among others, are electronic messaging and websites.
What online con artists try to do is get an unsuspecting worker to believe the message or website offers legitimate information or help. Once someone clicks on a link or downloads a file, hackers can control their device, obtain login profile information, and penetrate your business network. The following rank among the most-leveraged COVID-19 tactics.
- Phishing: This involves electronic delivery of a message that prompts remote workers to provide password information, click on a link, or download a file laced with malicious software.
- Spear Phishing: This takes a more targeted approach, aimed at specific personnel. Hackers typically include personal information culled from social media or networking platforms, or disguise an email as if it came from a boss or colleague. The strategy lulls people into a false sense of security that the message is legitimate.
- Password Spraying: This method exploits workers who use weak and repetitive passwords. Hackers utilize automation to try commonly used passwords against anticipated usernames.
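On the detection side, password spraying looks different from a forgotten password or a single-account brute force: one source fails against many accounts, with only a try or two per account. The sketch below is an added example, not part of the original article; the log format, thresholds, and sample lines are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format: timestamp, source IP, user, result).
SAMPLE_LOG = """\
2020-06-01T09:00:05 203.0.113.7 alice FAIL
2020-06-01T09:02:11 203.0.113.7 bob FAIL
2020-06-01T09:04:30 203.0.113.7 carol FAIL
2020-06-01T09:06:02 203.0.113.7 dave FAIL
2020-06-01T09:08:47 203.0.113.7 erin FAIL
2020-06-01T09:10:13 203.0.113.7 frank OK
2020-06-01T09:01:00 198.51.100.20 bob FAIL
2020-06-01T09:01:02 198.51.100.20 bob FAIL
2020-06-01T09:01:04 198.51.100.20 bob FAIL
2020-06-01T09:01:06 198.51.100.20 bob FAIL
2020-06-01T09:15:00 192.0.2.15 alice FAIL
2020-06-01T09:15:20 192.0.2.15 alice OK
"""

def parse(log):
    """Yield (time, ip, user, ok) tuples from the assumed log format."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, ip, user, result = parts
        yield datetime.fromisoformat(ts), ip, user.lower(), result == "OK"

def detect_spraying(log, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Return {ip: {"targeted": [...], "succeeded": [...]}} for spraying sources."""
    fails, wins = defaultdict(list), defaultdict(set)
    for when, ip, user, ok in parse(log):
        if ok:
            wins[ip].add(user)
        else:
            fails[ip].append((when, user))
    findings = {}
    for ip, events in fails.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            per_user = Counter(u for t, u in events[i:] if t - start <= window)
            # Spraying: many accounts, only a try or two each (stays under lockout).
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                # "succeeded" lists every account this IP logged into: reset these first.
                findings[ip] = {"targeted": sorted(per_user),
                                "succeeded": sorted(wins[ip])}
                break
    return findings
```

Per-account lockout counters miss this pattern because no single account sees many failures, which is why the check groups by source rather than by username.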
“The two most dangerous apps on the planet are email and your web browser,” Cole reportedly said. “That’s how 99 percent of the attacks are going to happen. If you’re careful with email, it’s all about embedded links and attachments. With surfing the web, it’s all about ads.”
What Remote Workforces Need To Know About Cybersecurity
Whether the contact comes from email, text messaging, or a phone call, everyday people should never provide personally identifiable information to third parties. Criminals may attempt to pose as the IRS, local authorities, hospital administrators, even an in-house IT technician. Always use an alternative means of communication to verify that a contact is authentic. In other words, call them back.
Beyond verification, industry leaders would be well-served to have a managed IT cybersecurity expert provide virtual cybersecurity awareness and training sessions on an ongoing basis. Providing workers with tips and information about emerging threats can help your valued team members form a determined defense.
On the technology side, Virtual Private Networks, two-factor authentication, and password management systems, among others, can enhance your business defenses. If you are a business leader whose team members are relatively untrained or not getting ongoing alerts, working with an IT firm with cybersecurity expertise could keep your digital assets out of the wrong hands.
National Security Associates provides ongoing cybersecurity consultations and workforce training in the Las Vegas area. Contact the NSA to harden your digital asset defenses, or call us at (702) 547-9800 today!