Directive Blogs
We Need to Flatten the Curve of Cybersecurity Risk
People have been examining the COVID-19 pandemic and the resulting economic and social shutdown from every angle. Unfortunately, some of those people took it as the opportunity they’ve been waiting for to try and steal data and in some cases money from unprotected and unprepared people and businesses online. Let’s examine how the events surrounding COVID-19 have had an effect on cybercrime.
A Variety of Threats
Today, there are a lot of threats out there that could threaten a business’ data and infrastructure. This has been exacerbated by the fear brought on by the COVID-19 pandemic and most businesses don’t know where to start setting up their defenses. Most of the threats are in line with threats that they normally deal with, but many are seeing an increased frequency of them. By using COVID-19 as a ruse, cybercriminals threaten to take advantage of people's empathy. Some of the threats that business see:
- Phishing attacks
- Distributed denial of service attacks
- Man-in-the-Middle attacks
- Network based user threats due to negligence or sabotage
Of course, any of these threats can undermine your business’ ability to function properly, let’s look at the latest scams businesses are actually dealing with:
Website Spoofing
People shouldn’t have to deal with these types of things during a public emergency, but scammers have been setting up spoofed websites to take advantage of people’s tendency to think it is less risky shopping online. From fake government websites to websites that claim to make available discount face masks or hand sanitizers (a couple of the new staples from the pandemic) are being set up to steal people’s personal information. Using this information, the more sophisticated hackers can gain access to people’s accounts, leaving individuals, and the businesses they work for, reeling. Here are a couple things you can do to keep from being a victim of false websites:
- Check the URL - A fake site might look just like the real thing, but the URL won’t. With a lot of these scams being run on government and banking websites, you will want to remain diligent to check the URL by running your mouse over any links or buttons on a page or webform. If you can’t see where the information is going, or if the address you find is suspicious, don’t send any of your personal information through the website.
- Use Ad Blockers - Another great way to skim out fraudulent shady information is to utilize ad blocking software available through your browser’s store.
Email and Text Phishing
Of course, phishing is a big deal all the time as encryption does a good job of keeping traditional hackers out of their networks. Of course, phishing tactics change all the time, and since impersonating someone to gain access to personal information is one of the oldest and successful schemes on the web, it continues to be innovated upon. With over three billion phishing emails sent each day, unless you and your staff know how to spot and mitigate these threats, your organization will fall victim to one eventually. Here are a few strategies you can use to mitigate the risk from phishing emails:
- Confirm the Sender - The only way phishing emails work is when the person receiving the message trusts the information they are being sent. Ensuring that the message you’ve received is from who it says that it is from is one of the first steps in thwarting any phishing attempt.
- Don’t Click on Links and Attachments - Even a well-trained eye can be fooled by some link that looks legitimate but isn’t. It is important that if you aren’t expecting an email, or if you don’t personally know the person or organization that’s sending you messages (and their motives), don’t click on anything.
Cybercrime will be here a lot longer than COVID-19 will be. It’s important that you take the steps necessary to protect your business (and yourself) from the threats presented by scammers online. For more information on how to stop COVID-19-based cyberthreats, or if you would just like to improve your business’ ability to train your staff on the importance of cybersecurity best practices, reach out to Directive today at 607.433.2200.