By Maribeth Anderson and Emily Selck
Cyber criminals are capitalizing on the current pandemic and finding greater success in breaching an increasing number of business networks. Safeguard your network during this unprecedented time with these 7 best practices.
Viruses aren’t the only threat to businesses these days. Cyber criminals are preying on both vulnerable corporate networks, now taxed by a remote workforce on laptops, and healthcare networks working overtime to meet patient needs.
Cyber criminals are studying email correspondence, looking for holes in the way organizations are currently operating. They’re finding new opportunities to target employers who are struggling to implement remote protocols and procedures. In many cases, they’re meeting their end goal: completing a fraudulent transfer of funds when change instructions aren’t verified.
They’re even baiting curious and anxious employees with phony websites impersonating healthcare organizations, and then inserting malware into business networks. It is estimated that 2,000 coronavirus-related sites are created daily, most of them malicious, to target states with high infection rates, stealing information and credentials.
7 Best Practices to Avoid COVID-19 Cyber Crime
As always, human error is a network’s greatest vulnerability. Employees must be trained to be even more vigilant now that they’re away from the office. Use these 7 Best Practices to do so.
- Identify cyber breach response. Gather a one-page list of internal and external contacts necessary post-breach. Include contacts for law enforcement, all C-suite and directors and officers, your cybercrime insurance broker, a privacy attorney and a forensic investigator. Timing and communication post-breach will make or break an organization. This one-page list will be key to coming out on top.
- Report cyber-crime to the FBI. Cyber-crimes aren’t reported to law enforcement at the same rate other crimes are, but they should be. The FBI’s Cyber Division works exclusively on these crimes and can provide increased protection when they are reported.
- Review current IT policies. Organizations should review their policies regarding remote access. Inform employees of the approved technologies and the proper ways to use the technology. Implement controls for all transfers of funds, regardless of the size and especially when there has been a change in a process or procedure. Consider how to manage layoffs of remote workers should there be terminations during this stay-at-home period. Businesses will need a plan for how to repossess work equipment in this scenario.
- Use strong Wi-Fi and passwords. While most employees are currently sheltering in place at home where Wi-Fi is encrypted, many are still using phones, iPads and other devices remotely to access their business email or intranet while in line at the grocery store. Ask employees to use more robust passwords now. Update security patches regularly on both individual laptops and the business’ network.
- Secure online meetings. Utilize the most up-to-date security protocols when engaging Skype, Teams, Zoom or GoTo Meeting. Use a per-meeting ID instead of your personal meeting ID each time with a password and enable the “waiting room” feature to see who is attempting to join before providing them access. Disable the “join before host” option and lock the meeting once it begins.
- Only visit reliable sites. Teach employees to recognize which websites offer reliable data on the current crisis and ask them to avoid visiting sites on their work devices that aren’t reputable. For COVID-19 crisis updates, instruct them to visit only the CDC, WHO, Canada’s PHAC and FEMA sites. Only employees should use remote equipment. A child could easily inadvertently open a door to a cyber breach using mom or dad’s work computer.
- Review your cyber coverage today. Consult with your cyber insurance broker to analyze your coverage to determine which policy exclusions exist. For example, cyber coverage typically requires a written policy to be in place for employees to use their own device for work, which applies to work-from-home situations as well. Without such a policy, your cyber coverage may not respond in the event of a breach. If necessary, edit your internal policies and procedures and alert employees of any new rules.
Taking charge of your business’ cybersecurity issues is a greater challenge when employees and IT personnel are working remotely. But, it’s not impossible. Create new policies and leverage them via distance training to turn the tables on cyber criminals and put your business back in the driver’s seat.