In March, businesses across the world rushed to implement a remote workforce to keep afloat amidst the chaos created by the COVID-19 pandemic. Though many organizations successfully transitioned employees to working from the office to their homes, cybersecurity best practices were often overlooked in the rush.
Now most companies have established a successful remote workforce, it’s time to reevaluate security. With that in mind, here are a couple of malicious scams related to COVID-19 you and your employees should be aware of as well as tips for avoiding them.
Just as we are settling into our routines working at home, cybercriminals are creating coronavirus-related apps to capture our most valuable data. They prey on companies that may have failed to implement proper security measures when they launched their remote workforce due to time and are banking on the fact there are holes in their security like Swiss cheese.
Bad actors can simply send an email to your remote workers asking them to install a new application to aid them in their work. Once the app is installed, it enables the crooks to access all of the information on your employee’s devices. This could reach into your business network as well. Once they have access to the data, they can steal it, delete it, or even hold you ransom.
It’s important to warn your employees to only download reputable applications from official app stores such as the Google Play Store or the Apple App Store. Remind them to be aware that those apps can be malicious so they should look at reviews before installing any new apps to determine their quality and security. If they receive an email from you or your business asking them to install an app, tell them to call you, your IT department, or your third-party vendor directly before installing it to ensure it is legitimate.
To access information, hackers are creating malicious documents that claim to have coronavirus-related information. If you or your employees open the document that comes via email, it will ask you to “enable editing” or “enable content.” If you enable the request, malicious software will be installed on your device.
Warn employees to report these emails immediately to your IT department or IT service provider and to NEVER enable editing or content, especially if it is coming from an unknown or untrusted source. Microsoft will, by default, block such enable requests as it is often used for spreading such cyberattacks. User education is more important than ever as people continue to work remotely.
For more information about current COVID-19 scams, remote workforce security threats, and how to apply cybersecurity best practices for your business, contact ORAM Corporate Advisors now at (617) 933-5060.