While the world is in the grips of a global pandemic, opportunists are out in full force! Unfortunately, malicious actors often piggyback on actual times of crisis to take advantage of innocent people.
As COVID-19 spreads, we all become more desperate for information. What is the latest news? What are the numbers? Is there an outbreak in my city? Am I still allowed to go to the grocery store?
This desire to know can lead to a momentary lapse in judgement, causing people to take actions online that they may have otherwise avoided.
In January, a successful malware campaign began in Japan. An email, seemingly from a Japanese disability welfare agency was sent out claiming to detail where the virus was spreading in the country. Recipients were encouraged to open the document contained in the email to learn more information. When they did, the trojan malware program Emotet was downloaded on to their computer and it began gathering the user’s personal information.
This is not the only scheme. All over the world malware campaigns and phishing scams are being deployed. These types of cybersecurity threats are not new, and they not going to go away any time soon. The only difference is that this time a legitimate global crisis is being used as a cover.
So, how can you as a business and as an individual protect your data from these types of attacks? Here is what you need to keep in mind during this time of unprecedented uncertainty:
Consider the odds
Before you open that email from Health Canada, the Centers for Disease Control (CDC), or the World Health Organization (WHO), ask yourself: is it likely that this agency would email me?
The answer, of course, is no. These organizations are not going to be sending their press releases via email to each individual in a country or particular region. These releases will be posted on their websites and shared through legitimate media sources.
Pay particular attention to emails sent from a foreign government. Why would the CDC, an American agency, send emails to a Canadian citizen? It wouldn’t.
Don’t open communications from senders you don’t know
Similar to the point above, don’t open email communications from people you don’t know or trust.
Most of us process hundreds of emails a day and as we shift toward remote work, the numbers of messages in the inbox will only increase. It can be hard to stay vigilant.
Unless an email is from someone you know, or the subject line relates to a business project/client request, it is best to not open it. At the very least, do not click any links contained within.
In typical times, this is standard practice but scammers and hackers are becoming increasingly good at mimicking corporations and agencies of trust. We must remain skeptical.
Train your organization
Every member of your staff or organization has a role to play in data protection. If one person misses the mark, the rest of you could be in jeopardy.
Consider holding a virtual (or on-site, if you’re able) staff meeting to discuss the types of scams that are currently going around and help your team understand what is safe, and what is not.
If you can pull together documents or training materials, you can send them to each employee and have them sign off upon reading them.
Remind everyone of your cybersecurity policies and send out safe browsing tips.
Make sure that everyone knows who to contact in your organization if they suspect that they may have inadvertently opened a malicious email. This most likely is a risk management person or your IT department.
Use a backup service
If you are not already backing up your data using a cloud backup or backup service, now is the time.
Cloud backup providers can help safeguard and protect your data from malware, ransomware, and theft.
Having a secure backup in place will prevent losses typically associated with ransomware attacks. You can restore your system to the latest backup and be up and running again in no time.
Look for a Canadian backup provider with servers located within Canada. This will minimize the number of outside governmental agencies that have access to your data and ensure upload and download speeds are maintained.
At the minimum, your cloud backup should include 256-bit encryption and password protection as well as on-site server security like retina scans and steel doors.
There is little doubt that COVID-19 will push each of us to our limits and malicious hackers will use it to test our systems and take advantage of our fears and desire to protect ourselves. But, if we all work together and we all know the risks, we can protect our data and our important business assets.
Staying safe during the coronavirus outbreak is about more than just social distancing and washing your hands, it is also about remaining vigilant in online behaviours.