Coronavirus and Security
As COVID-19 continues to spread, bad actors continue trying to catch all of us off guard. Read on for what you and your employees need to watch out for:
Business Email Compromise Schemes
Malware-infected emails never go out of style. Now, the Federal Bureau of Investigations (FBI) believes there will be an increase in a specific kind of email scam: business email compromise (BEC) scams.1 These target people and businesses who use legitimate electronic fund transfers like wire or automated clearing house (ACH) transfers. Scammers will use social engineering, phishing, or computer intrusion to interfere with legitimate transfers and redirecting the funds.
How can you protect yourself against BEC scams? Watch for these common red flags:
- Unexplained urgency in emails
- Last minute changes in wire instructions, recipient account information, or email account addresses, including switching from a business to a “personal” email address
- Email-only communication and refusal to communicate via telephone, online voice, or video platforms
- Sudden unusual requests for advanced payments.
- Requests to change direct deposit information.
The FBI also recommends setting up multi-factor authentication for all email accounts, verifying any payment changes in person or over the phone via a known and authentic telephone number, and educating yourself and your employees on how to identify suspicious emails or phishing techniques. If everyone knows what to look for, it becomes easier to develop preventative strategies specifically for your everyday office procedures.
Along with typical malware-infected emails, you also need to watch out for infected websites. Right now, many of us are constantly searching the internet for the newest information on COVID-19, and legitimate information sources like the are extremely helpful. However, criminals building pages that imitate legitimate resources with infected coronavirus updates or maps. These sites have been created to look realistic with links or attachments with names like “Corona-Virus-Map.com” that are actually programs that serve as a back door into your computer, downloading other programs which can infect and possibly control your computer.
When researching updates or information to keep you, your family, and your employees safe, remember:
- Verify that attachments and links you receive are authentic and from legitimate sources.
- Be wary of information shared on social media if it does not reference a trusted source.
- Your best sources for updates are from trusted sites such as your local county or state health department, Centers for Disease Control, and World Health Organization.
Work from Home Security
You and your team may be working remotely during this time, which adds additional security concerns. Here are a few things to help stay secure:
- If available, be sure to use a Virtual Private Network (VPN) service. A VPN encrypts traffic from your computer to the destination making it more difficult for a bad actor to access your data. When using a VPN, make sure it’s connected before opening any applications.
- Always lock your screen when you are not actively using your computer. Locking your screen protects what you’re working on from prying eyes and requires your password to access the machine. For PCs, simply press the and “L” keys. For Macs, press Command+Control+Q.
- Be aware of your surroundings. Your work-related data is likely supposed to stay private, especially from friends, family, and the public. If you’re working outside of your regular office, attempt to work in a room with limited access. If you need to walk away, see the reminder above.
- Do not connect personal devices to your work computer. Connecting personal devices (i.e. external USB drives, cell phones, tablets, etc.) can potentially expose your work machines or network to infection, malware, even security breaches. Connecting your phone so it can charge up may seem harmless, but there are reports of malicious apps or programming loopholes that let hackers use your device to control it or other machines connected to it. The safest bet is to keep your work and personal devices separate.
- Only use approved communication channels for business communications. To protect your work-related data, only use programs approved by your employer. Using your personal accounts or your phone for texting work-related data can result in a compromise of that data.
These are just a few security tips we hope you find helpful and informative. We recommend that you also reach out to your IT staff or supervisor for additional tips that are specific to your organization and situation.