In a time of confusion around the globe, some criminals are taking advantage of the current COVID-19 pandemic and are using the opportunity to attack people and businesses. With the large number of people working from home, cyber attacks pose an extra layer of risk than under the usual circumstances.
Fake websites appearing to show infection maps and emails with links to news articles about the coronavirus pandemic are being used by cyber criminals to initiate cyber attacks. If users aren’t vigilant, professionals working from their own unprotected networks and engaging with seemingly urgent messages can have severe consequences.
Here, we review some key warnings signs, cyber security best practices, and services offered by Special Counsel to help ensure that your cyber-hygiene is up-to-date.
Cyber Attack Red Flags To Watch For
Hackers are sending emails with links – or posting false articles from websites on social media – that appear to be alerts about the pandemic. Links will often point to infection maps or supposed government news updates. When a link is clicked, a site is visited, or a video is watched, hackers gain access and infect systems. Instead of the helpful information the clicker is hoping for, they’re instead unknowingly downloading malware that opens a backdoor to personal information.
1. Fake Infection Maps
The number of coronavirus-themed domain registrations has spiked and security experts believe that more than 50% are by malicious actors. There are many sites that are designed to look exactly like the Johns Hopkins infection
2. Emails from the CDC or WHO
Hackers are sending very convincing emails that appear to be sent by the Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO) with links to learn more about the virus that in actuality lead to malicious websites.
3. Emails from government officials
Attackers are sending emails that appear to show legitimate statements by political leaders with advice taken from public sources with links to malicious websites.
4. Emails with RTF attachments
These are files that, when opened in MS-Word, run a series of macros that infect and/or steal information from your computer. Many have been sent that appear to come from the WHO, or promise coronavirus cures.
Cyber Threat Protection Measures
In order to stay protected against these attacks, it’s important to adhere to the following best practices:
Stranger Danger
Do not open emails or attachments from unknown sources. Be wary of emails from “known” sources that ask you to download attachments or click links where the writing tone is odd, or strangely generic.
Check the URL
If unsure about a link, hover your mouse over it to see the full URL. Make sure it is spelled correctly and points to a legitimate source. You can right click on the link to copy it, then paste it into a search engine (not your address bar), to confirm results.
Look for the Lock
Steer clear of links that point to website with an unsecure connection. If the URL starts with HTTP instead of HTTPS you are likely being led to a phishing site.
Be Weary of Poor Design and Click Bait
Be skeptical of unprofessional visuals that are meant to scare you, such as all caps headlines claiming that “YOU ARE IN DANGER.”
Stay Up-to-Date
Keep your software updated. Check that your operating system, office software, anti-virus, email client and web-browsers are updated with the latest patches and upgrades.
Connect the Right Way
If working from home and accessing company resources, your company should be requiring the use of a VPN to connect remotely.
Be Agile
Change your passwords regularly. If working from home, now may be a good time to change your wifi password and make sure your not using outdated WEP or WPA encryption. It is best to use something like WPA2 with TKIP or AES encryption.
Need a cyber health check-up?
In a time of so many challenges, we have solutions. Our cyber security capabilities can help protect your business from cyber attacks. We offer the following:
Rapid Risk Assessments
These are a quick way to have networks scanned for vulnerabilities. Special Counsel’s cybersecurity division, EQ, is offering client discounts of up to 20% for their first scan and assessment that will provide a detailed report ranking identified risks from low to highly critical.
Simulated Attack
Penetration tests are a great way to test whether users have retained and maintain security awareness best practices. EQ can run a test campaign against the entire organization designed to identify users that may need additional training.
For more information or to schedule a free consult, contact us.
Aaron Duncan is the Vice President of Discovery Services and Kris Wasserman is the Regional Vice President at Special Counsel, connect with them via LinkedIn today.
Attract & Retain Top Talent
With a rapidly changing industry, it's vital to offer the right compensation and set the right expectation. With our Salary Guide, get detailed job descriptions, industry insights and local salary data to equip your managers with hiring confidence and expertise.
Get your copy »