With COVID-19 sweeping the planet, we have all had to change how we live our lives. This has created many new challenges to the way we work. Many practices have been forced to have their employees work from home. This creates new cybersecurity challenges for practices. Never ones to miss a good opportunity, cybercriminals are increasing their attacks and using COVID-19 to increase their chances of success. COVID-19 scams can be found everywhere, not just in cyberspace. But in cyberspace, they can be well-designed attacks that most users may not notice until it’s too late. We will cover some of the attacks we have seen and others making their way around the web. Find out how to protect your practice and keep your data secure.
According to an article by CNBC, cyberthreats have risen by as much as 40% during the current pandemic. While the majority of this increase is composed of phishing-type attacks, there has been a sharp increase in attacks aimed directly at company networks and websites. Cybercriminals know that many workers are at home and are stressed and distracted. When that happens, we all make mistakes. Add to that the creative phishing schemes that have been popping up and it’s a recipe for disaster. Let’s go over some of the common attacks, starting with phishing emails.
COVID-19 Scams – Phishing Attacks
As soon as the virus had made the news, the COVID-19 phishing emails appeared. Some claimed to contain important information from organizations such as the CDC and the WHO. These usually had attachments that purported to contain instructions on how best to protect yourself from the virus. These attachments will almost always be malicious and will be used to take over your computer.
Due to the rise of Zoom meetings, fake Zoom meeting emails will be sent with a link to click for the meeting. The link will take you to a page that will contain malicious content to hack your computer.
Remote access tools are very popular now since they allow employees to work from home. Some COVID-19 themed emails have offered a free remote access tool to help you work from home more easily. The link will download a malicious program that will give the attacker complete access to your computer or contain ransomware.
Attacks on remote workers
Many workers are using their own personal computers at home to work remotely. This creates a potentially insecure pipeline directly into your network. Why is this? Corporate networks are usually managed well for things like patch management and anti-malware software. The same can’t always be said for home computers. By allowing these computers onto your network remotely, you may have allowed very insecure devices direct access to your data. These computers represent a much less protected way for an attacker to gain access to your practice.
Attacks on networks and websites
Because many companies have reduced staff, attackers know this is a good time to attempt a break-in. In addition, working from home makes it harder to properly monitor everything that is critical to your practice, such as firewall logs, server logs, and website logs. As a result, an attack will take longer to notice, and the chances of missing one altogether increase.
So what can you do to protect your practice?
Protect your practice from COVID-19 scams and attacks
The most important thing you can do to protect yourself is to keep your staff trained and updated. Not only is cybersecurity awareness training a required element of HIPAA compliance, it just makes good business sense. Make sure you have trained your staff on how to handle suspicious emails. Now is a good time to go over phishing tactics like the ones listed above. Make sure they know not to click on any attachments or links unless they are 100% sure that they are safe. If you aren’t sure, don’t click.
Keep your computers up to date with all security patches from Microsoft. This is critical as it closes holes that attackers can use to hack your computer.
Make sure that all computers connecting to your network have quality anti-malware software running on them. The most important thing to have enabled is real-time scanning. This will protect from attacks that happen from websites as well as from attachments you might open.
For remote access, make sure you are using a Virtual Private Network (VPN) or some other form of encrypted remote access. This will protect your data as it moves across the internet. If you are using password-based access for your VPN, please make sure you choose a strong, secure password. Using two-factor authentication is even better as it blocks 99% of password attacks.
Remote workers need protection too
While it might be hard to tell your employees how to handle their personal computers, this is something that has to be done. A computer should not be allowed to access your network if it doesn’t meet the same security posture as your office computers. This means the computer sits behind a firewall-type device (at the very least, a home router), runs anti-malware protection that is updated regularly and supports real-time scanning, and is kept up to date with software patches.
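One way to check a Windows home computer against the three requirements above before it is allowed to connect. This is an added example, not part of the original article; it assumes Microsoft Defender and Windows Firewall are the products in use, and the two age thresholds are assumed values to replace with your own office policy.

```powershell
# Added example: posture check for a Windows home PC used for remote work.
# Run in PowerShell on the home PC. Thresholds below are assumptions.
$MaxSignatureAgeDays = 3    # anti-malware definitions must be this recent
$MaxPatchAgeDays     = 35   # a Windows update must have installed this recently

$results = [ordered]@{}

# 1. Anti-malware: real-time scanning on, definitions recently updated.
#    Get-MpComputerStatus reports Microsoft Defender only; a PC that relies on
#    another product will fail here and needs to be checked by hand.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $results['Real-time scanning enabled'] = [bool]$mp.RealTimeProtectionEnabled
    $results['Anti-malware definitions current'] =
        ($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays)
} catch {
    $results['Real-time scanning enabled']       = $false
    $results['Anti-malware definitions current'] = $false
}

# 2. Firewall: every Windows Firewall profile (Domain, Private, Public) is on.
#    The home router itself cannot be checked from the PC.
$disabled = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
$results['Windows Firewall on for all profiles'] = ($disabled.Count -eq 0)

# 3. Patching: the most recent installed update is within the allowed window.
$lastPatch = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
$results['Security patches installed recently'] =
    ($null -ne $lastPatch) -and
    ($lastPatch.InstalledOn -gt (Get-Date).AddDays(-$MaxPatchAgeDays))

# Report each check, then an overall verdict.
foreach ($check in $results.GetEnumerator()) {
    $status = if ($check.Value) { 'PASS' } else { 'FAIL' }
    '{0,-40} {1}' -f $check.Key, $status
}
if ($results.Values -contains $false) {
    'Result: fix the FAIL items before this PC connects to the practice network.'
} else {
    'Result: this PC meets the checked requirements.'
}
```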
With the sharp rise in attacks and COVID-19 scams, now is the time to make sure your practice is secure. If you haven’t done your Risk Assessment, now is a really good time to do it. This will let you know the areas you need to address to make sure your practice stays safe during this pandemic.
If you have done your Risk Assessment, provide security awareness training to your employees that addresses these new risks. This will go a long way toward making sure you aren’t the next breach on the news.
Lastly, review your current security posture to make sure your computers are up to date and that you have anti-malware protection running.
Following these steps will help ensure your practice is vaccinated from the numerous COVID-19 scams and that you come through unscathed.