The importance of reinforcing your company’s cybersecurity during the COVID-19 emergency

The uncertainty that COVID-19 has caused for businesses like yours has left a huge window of opportunity for hackers to attack not only your organization’s computer systems but also the home networks/Wi-Fi systems of your remote employees.

For this reason, Fred C. Church wants to make sure you are aware of the most common cyber scams being reported right now. We also want to share some important tips on how to boost your company’s cybersecurity by collaborating with your IT team and employees.

The top COVID-19-related scams currently targeting employees and companies

Spam, malicious websites, malware, and phishing messages are all methods cyber criminals have been using for years to trick you and your employees into enabling access to your company’s computer networks. Now, however, many of these cyber-attacks are being customized to reference fake COVID-19 websites or falsely request funds for The World Health Organization and other charitable organizations.

More specifically, here are two scams you, your employees, and IT team should be watching out for:

1. Malicious Website Emails

A recent article on Forbes.com indicates that hackers are registering multiple malicious websites and sending out masses of scam emails at a truly unprecedented rate. The ultimate end-game for cyber criminals who are setting up fake websites is to make money from the COVID-19 pandemic. In addition, they are trying to get personal information from web users and attempting to infect their computers with malware. The Forbes article provides some of the domains that have been cited as potentially dangerous, including:

  • coronavirusstatus[.]space
  • coronavirus-map[.]com
  • blogcoronacl.canalcero[.]digital
  • coronavirus[.]zone
  • coronavirus-realtime[.]com
  • coronavirus[.]app
  • bgvfr.coronavirusaware[.]xyz
  • corona-virus[.]healthcare
  • survivecoronavirus[.]org
  • vaccine-coronavirus[.]com
  • coronavirus[.]cc
  • bestcoronavirusprotect[.]tk
  • coronavirusupdate[.]tk
  • coronavirusaware[.]xy

Researchers from Trend Micro, a global security software company, are regularly identifying and sharing new phishing websites that seem to be luring users in by featuring the terms “coronavirus” or “COVID- 19.” While you could certainly keep an eye on these types of lists, there is such a significant number of coronavirus-related domains being registered every day that the best protocol to follow is this simple one – treat all emails regarding the COVID-19 outbreak with extreme caution. Further, if you or an employee were to receive an email that contains a link to a potentially malicious website, close the email and delete it to avoid risk of infecting your computer, and possibly your entire company’s IT system. In addition, make sure to report any suspicious emails or websites to your IT manager or department.

2. Phishing Emails

Due to the coronavirus pandemic, many employees are working remotely for the first time in their careers. One of the biggest issues for business owners with a newly remote workforce is that they cannot be sure their employees have been diligent in protecting their home networks. This is precisely why hackers are now targeting isolated, teleworking employees as easy prey for their phishing attempts.

In addition to the typical phishing emails that ask a recipient to urgently approve transfers of funds or make changes to wire remittance information, many phishing scams today are directing people to click on a link or an attachment to get information about protecting themselves from COVID-19.

If you or an employee think you may have been reeled in by one of these phishing emails, and that you possibly clicked on something you shouldn’t have, it is recommended that you immediately contact your in-house IT department, so they can assess the situation and react accordingly.

Of course, there is far more cybercriminal activity going on out there than what we have outlined above. From the “infodemic,” which is the stream of COVID-19 misinformation being spread via social media and private messaging platforms, to fraudulent sales of items like face masks and COVID-19 infection maps, to GoFundMe scams asking for money to support “fake” people who have supposedly lost their jobs due to the crisis, cyber attackers are leveraging the coronavirus any way they can.

Cybersafety practices companies may want to implement during the COVID-19 emergency

Just one successful attack by a cybercriminal could significantly increase the financial strain that your business may already be experiencing as a result of the COVID-19 pandemic. So, it is more essential than ever to work with your IT team and staff members to implement safe cyber practices, including these four recommendations from cybersecurity experts:

  1. Intensify your employee training efforts. Teach your employees to identify fraudulent communications, like phishing and other attacks, to avoid severe breaches from happening.
  2. Re-enforce two-factor authentication for logging into company data, accounts, etc. Requiring two-factor authentication – a two-step verification process for users logging into your company’s systems – adds an extra layer of cyber protection and can serve as an alert when an unauthorized user is attempting to log in to an account.
  3. Limit your employees’ access only to the information they need for their job. Double-check that employees, especially remote workers, only have access to accounts, internal dashboards, and other company materials that are necessary to fulfill their job role. Also, if you must lay off an employee, it is essential to quickly remove their access to accounts.
  4. Update cybersecurity tools on both company- and employee-owned devices. If employees are using company-owned devices, firewalls and antivirus software should be installed and regularly updated. If employees use their own devices, consider offering to help install cybersecurity tools. You can go one step further to protect data on all types of devices by using software that encrypts everything you and your employees send, receive, and do online.

These are just a few critical steps you can take to help protect your company’s confidential business information, computer systems, and IT networks. In today’s unusual working environment, however, it is critical to have several knowledgeable resources you can turn to for advice on getting out in front of growing cyber risks. Chubb Insurance, for example, offers ten tips that may help your business and employees stay cyber-safe in this time of uncertainty.

The Fred C. Church team is committed to being here for you during this challenging time. Every day, there are new learnings and developments related to COVID-19, including what cybersecurity risks may be lurking out there. We will continue to work hard to stay on top of the latest news and information.

Be sure to visit the Fred C. Church COVID-19 Resource Hub where you can find more information about common commercial insurance coverages and how they may respond to a business loss, unique business risks associated with the pandemic, COVID-19-related employee benefits considerations, and other helpful resources.