As we are living through a time of unprecedented health concerns, a select few people are taking advantage of shelter-in-place orders, remote work-from-home models and anxiously checked inboxes for their own gain.
According to a report by Barracuda, there were more than 9,000 coronavirus-themed spear-phishing emails between March 1-23, which was a 667% increase over the 1,188 attacks detected in February. To put this spike in perspective, there were only 137 COVID-19-related scam campaigns in January.
Playing on the fear of the tangible virus, this digital virus can take many forms — but almost always has the same end goal: to steal data, often with the intent of coercing users to pay the scammer in order to access their data again (aka ransomware).
Recorded COVID-19 scams range from a fake text message to overwriting an MBR (master boot record). The Better Business Bureau reported that the text message scam will look like it is from the U.S. federal government and will tell you that you must take a “mandatory online COVID-19 test” with a link to a website — if clicked, this website allows hackers to access your data or download malware onto your device, which puts you at risk for identity theft.
“It Won’t Happen To My Business.”
While it is true that following practical advice — don’t click on unknown links, make sure a website or email address is legitimate, don’t reveal personal or sensitive information — is a great way to stay aware of cybercrimes, it is important to understand that most businesses expect an attack to take place at some point.
In the 2019 Thales Data Threat Report, it was reported that in the U.S. alone, 65% of businesses claim they have been breached at one time and 36% within the past year, while 60% of global organizations say they have been breached at some point and 30% within the past year.
Now, as we have moved most operations online for the time being, employees could be using their home computers, which adds another level of security risk. According to the Department of Homeland Security, 1 in 3 home computers are infected with malware.
So, what now?
Creating an emergency response plan for whatever digital issues you may run into while working remotely — i.e., your storage system crashes or your servers are attacked by ransomware — can save both time and manpower in the long run.
Resources like a VPN, or virtual private network, allow your company to transport private data across unknown networks — like a home WiFi system — securely. Enabling a multi-factor authentication (MFA) solution can also help protect your VPN from phishing attempts or from anyone trying to gain unauthorized access. According to a 2019 Microsoft report, an MFA can help block up to 99.9% of attacks.
As we move forward in this new normal, briefing your team on best practices for responding to a potential cybercrime and educating them on cybersecurity issues can pay off in the long run — even when you’re back in the office.
MDL Technology Is Here For You
Hackers know that by targeting individuals and small businesses that lack the dedicated security teams and technical control of big companies, they are more likely to gain access to sensitive information without much effort.
Your company’s security is our top priority. We offer services such as 24/7 support, network monitoring, offsite data backups, auditing and compliance and more to help ensure that you don’t need to stress about your team’s private information becoming public or being stolen.
Educating yourself and your team members on the warning signs of common scams, malware or phishing attempts can help employees grow into cognizant cybercitizens. Learn more about the services we offer by visiting our website.