Many people are asking how they can not only protect themselves, but also their organizations, from all of these COVID-19 hacks that are currently popping up.
As with any other phishing scam, vigilance is extremely important. We are certainly going to have to keep on our toes for months, or even years, as this fallout from the pandemic could be around for a long time.
You have to be suspicious of each and every unsolicited email, phone call, or text, especially if someone is looking for account or contact details, or they ask to share personal information. If you feel like information seekers are asking for too much, you should vet the email, dig deeper, do some web searches, and make sure its legitimate.
Don’t use any links or phone numbers within the email of based on the call until you do this. If you get a recorded message, make sure you don’t press any button when asked. If you do, you may be giving them some type of approval and you end up being a victim.
- In response to ransomware, you should make sure that you are totally backing up your data on all of your devices.
- For any online account you have, set up or turn on two-factor or multi-factor authentication when you can. This, at least, makes those accounts less likely to be breached, even if someone does get ahold of some of your information.
You might think this is a pain right now, but it definitely won’t be a pain if your information is breached and you start to lose money.
There are many organizations that are being forced to give their employees access to their networks from home…and in most cases, they never planned for that. This working from home increases the criminals attack surface. So, the network is probably more vulnerable, and in some cases, security policies and processes are even being bypassed to ensure all employees have access to it. This comes at a big risk, and with every employee who has access to the company network, there is an opportunity for a hacker to get inside.
Most cybercriminals who go for this type of hack want to get access to this so they can get sensitive information and turn it into cash. Other hackers want to go big time, and they will use the credentials that they are hacking to use in attacks like “password stuffing/spraying,” to access multiple critical user accounts. With a larger “attack surface”, these companies are definitely at risk and because of staff working from all over the place, any attempt to break into the network could go unnoticed until it is too late.
Corporate cybersecurity and IT teams are working hard, but they, too, are generally working from home. With even more workload and more remote information to go over, this also means that they don’t have the time to pay as close attention as they should. This makes things even more dangerous, so keep your eyes open.
ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.