COVID-19 has pushed all of us, everywhere, out of our comfort zones. We are facing unprecedented challenges in our personal and professional lives, working from home with our routines in disarray. We are in an uncertain time, and it is natural to be worried. But while we are most vulnerable, cyber criminals are stepping up their attacks.
FBI officials say cybercrime reports have quadrupled during the pandemic. The laptop you use for work, the phone you use to FaceTime with family, the tablet that entertains the kids – each connected device helping us get through the quarantine is a possible point of attack, since they are all connected in a multitude of ways.
Cybercriminals are deploying social engineering tactics and taking advantage of businesses that have moved into a remote workplace environment during the COVID-19 pandemic. It is best to be informed of how these tactics work, the ways they can impact your business, and how to recognize a potential threat.
Social engineering scams are deceptive tactics that cybercriminals use to impersonate legitimate people or organizations. You do not have to have a website to be susceptible to these attacks. If you communicate with the outside world, they will try to find a way in. Cybercriminals can use phone numbers or emails that are almost mirror images of the authentic source, but usually there is something slightly different that may easily go unnoticed.
Succeeding may require a little bit of homework, but these individuals have a lot of time on their hands to investigate your business. They could impersonate a colleague, your boss, or an external contact, such as a vendor, in order to gain access to bank account information, passwords, or other sensitive data. Right now, we are in a real-world crisis that demands our attention every day, and cybercriminals are betting that we will miss the small details.
There are more people working from home during the COVID-19 pandemic and our pets are not the only ones happy about that. Organizations never meant to run remotely are quickly adapting, proving that even though they are not physically together, they are still connected. But the demands of this urgent and unforeseen technology adoption created vulnerabilities in the virtual private networks (VPN) of organizations.
Think of the VPN as an underground network of tunnels that connects all employees together. If the tunnel is not maintained or updated with the latest software patches and security configurations, how safe is it for sending confidential data and personal information?
During the COVID-19 pandemic, cyber criminals are sending more phishing emails than ever before, targeting those working remotely and attempting to steal their usernames and passwords in order to hijack entire networks. At first glance, these emails appear to come from a recognizable source, but they are part of a well-laid trap.
Cyber Crime Costs
Most businesses deal with some kind of Personally Identifiable Information (PII). PII is any data that could be used to identify a certain person and includes but is not limited to social security numbers, driver’s license numbers, full names, bank account numbers, and email addresses. As an example, we will look at the costs to a small business that stores roughly 200 records that contain PII. If all 200 records are compromised in a data breach, the average costs for the attack are listed below.
| Cost category | Average cost |
|---|---|
| Customer Notification / Crisis Management | $37,365 |
| Regulatory Fines & Penalties | $4,316 |
| Class Action Lawsuit | $638,140 |
| Potential Total Cost | $848,321 |
Be Vigilant and Be Sure
If you are not sure whether your software and networks are strong enough to withstand an attack, it is time to get a ‘tune-up’ from a reputable source. The Managed Network Services Group (MNS Group) is giving back by offering free dark web security scans, a 60-minute IT consultation, two hours of helpdesk support, and free content to assist you in creating a safe workplace. https://mnsgroup.com/mns-group-gives-back/
Every business in every industry faces cyber security risks; the exposures are different but there will still be a loss. Cybercriminals are relentless in their attempts to breach your security software and launch an attack to steal valuable data. A breach will not only have a direct consequence for the integrity of your business but will also put your customers at risk.
According to the 2019 Official Annual Cybercrime Report, cybercrime damages will cost the world $6 trillion annually by 2021, up $3 billion from 2015. We will see cybercrime continue to rise long after the threat of COVID-19 is behind us. To protect yourself, make sure you have a comprehensive suite of security tools in place, including antivirus, ransomware protection, and encryption software.
The best way to protect your business from the aftermath of a cyber-attack is to make sure you have a stand-alone cyber insurance policy to cover your first-party and third-party risks.
There is no one-size-fits-all policy for cyber insurance. Contact your Client Advisor for guidance in customizing the correct policy to protect the coverage areas and attack vectors for your specific business. We are here to help you be sure and cyber secure.
Teleworking Tips to Protect the Organization:
The FBI published the following recommendations to protect businesses from fraud relating to the software utilized for teleworking platforms.
- Select trusted and reputable telework software vendors; conduct additional due diligence when selecting foreign-sourced vendors.
- Restrict access to remote meetings, conference calls, or virtual classrooms, and use passwords, if possible.
- Beware of advertisements or emails purporting to be from telework software vendors.
- Limit access to teleworking functions like Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) to only required individuals.
- Do not share links to remote meetings, conference calls, or virtual classrooms on open websites or open social media profiles.
- Never open attachments or click links within emails from senders you do not recognize.
Cyber Fraud Prevention Tips:
The FBI has provided the following additional tips that can help protect individuals and businesses from being victimized by Cyber Fraudsters:
- Verify the web address of legitimate websites and manually type them into your browser.
- Change passwords for routers and smart devices from the default setting to unique passwords.
- Check for misspelled domain names within a link (for example, confirm that addresses for government websites end in .gov).
- Report suspicious activity on work computers to your employer.
- Use multi-factor authentication when accessing organizational sites, resources, and files.
- Practice good cyber security when accessing Wi-Fi networks, including use of strong passwords and Wi-Fi Protected Access (WPA) or WPA2 protocols.
- Ensure desktops, laptops, and mobile devices have anti-virus software installed and routine security updates are applied; this includes regularly updating web browsers, browser plugins, and document readers.
- Beware of social engineering tactics aimed at revealing sensitive information. Make use of tools that block suspected phishing emails or allow users to report and quarantine them.
- Do not provide usernames, passwords, birth dates, social security numbers, financial data, or other personal information in response to an email or phone call.
- Never use public or non-secure Wi-Fi access points to access sensitive information.
- Avoid using the same password for multiple accounts.
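The "almost mirror image" sender addresses described earlier and the tip above about misspelled domain names can be checked mechanically. The following is an added example, not part of the original article or the FBI guidance; the trusted domains, the character-swap table and the sample addresses are all constructed for illustration, and treating the last two labels as the registered domain is a simplification.

```python
from urllib.parse import urlsplit

# Constructed allow-list: domains this organization really corresponds with.
TRUSTED = {"examplebank.com", "exampleagency.gov"}

# Character swaps commonly used to make one domain look like another.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def fold(domain):
    """Collapse look-alike characters so 'examp1ebank' compares equal to 'examplebank'."""
    return domain.translate(SWAPS).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_of(value):
    """Return the lower-cased host from a URL or from an e-mail address."""
    if "://" in value:
        return (urlsplit(value).hostname or "").rstrip(".")
    return value.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def classify(value):
    """Label a sender address or link as trusted, suspicious (with reason) or unknown."""
    host = host_of(value)
    # Simplification: treat the last two labels as the registered domain.
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        if f".{good}." in f".{host}":  # trusted name used only as a prefix
            return f"suspicious: {good} used as a subdomain of {domain}"
        if domain.split(".")[0] == good.split(".")[0]:  # right name, wrong ending
            return f"suspicious: wrong ending for {good}"
        if fold(domain) == fold(good) or edit_distance(domain, good) <= 1:
            return f"suspicious: looks like {good}"
    return "unknown"
```

An "unknown" result only means the domain does not resemble anything on the allow-list; it is not a statement that the sender is safe.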
Hanover Cyber Checklist. The checklist outlines several hardware, software, and cybersecurity educational items that organizations should consider and implement to protect their digital infrastructure. Negative responses warrant further investigation.