COVID-19 Scams Raise Security Concerns for Businesses

Over the past weeks, the novel coronavirus (COVID-19) pandemic has caused a shift in our working conditions, our social interactions, and our work/life balance in general. Many organizations have instituted work-from-home policies to adhere to the social distancing requirements in every state, and over one-third of employers say the recommendations to limit social contact have triggered a work from home policy for the first time.

A recent CNBC survey found more than one out of three of senior IT executives report that cybersecurity threats have increased as more employees are working from home, and IT departments and cybersecurity resources are being stretched to their limits to support so many individual worksites. There is a substantial virtual workforce now who are using personal and mobile devices for work, in addition to company-issued devices connected to home networks — all of which introduce additional elements of risk to organizational security.

Paycheck Protection Program Scams Target Your Business Data

Under the Coronavirus Aid, Relief, and Economic Security (CARES) Act, eligible small businesses can obtain loans under a new, temporary Small Business Administration (SBA) loan program, also called the Paycheck Protection Program. The Federal Trade Commission (FTC) warns small businesses of organizations deceptively marketing themselves as approved lenders under the Paycheck Protection Program. These fraudsters are collecting sensitive business information under the guise of providing much-needed loans that never materialize.

Sensitive business data is threatened not only by fake lenders, but also by cyberthieves as the SBA’s emergency business loan portal itself suffered a data breach that was discovered on March 25, 2020. A few weeks later it was disclosed that the breach had exposed the names, Social Security numbers, addresses, emails, dates of birth, and insurance information of thousands of small business owners who had applied for aid during the COVID-19 economic shutdown. All this sensitive data can be used to perpetrate business identity theft, as well as personal identity theft.

Phishing Continues to Plague Your Employees

Phishing attacks remain the most popular way for bad actors to make their move on your sensitive business, customer, and employee data, with 91% of all cybercrimes starting with email. In 2019, there were at least 3.4 billion fake emails sent per day, and there are more than 1 trillion phishing emails sent every year. As employees frequently check for updates on the latest COVID-19 news, work conditions, conference and event statuses, they may be tricked into clicking phishing links that capture important documents stored in, or are accessed through, your employees’ devices — an especially risky endeavor if those are personal devices not protected under your company’s security network.

Remind your employees to stay alert for COVID-19 phishing scams and fraud in its many forms. For example, with the 2020 tax filing deadline extended to July 15, fraudsters can still commit tax identity theft using your employee information. A common Business Email Compromise scam involves impersonating an executive and asking for employee W-2 forms to be sent under an urgent deadline.

Remote Work May Open Your Business Up to Data Breaches

Employees using home networks for business now need to be extra vigilant about their other Internet of Things (IoT) devices – think smart TVs, game systems, baby monitors, and the like. They all represent an added security risk to a network. Safeguard your business from the disruption of a data breach by encouraging employees to keep software updated and to frequently change their account passwords. In addition, being proactive in preparing for a data breach event can save you thousands of dollars, reduce time lost, and protect your customer relationships.

It’s important for your business to include remote work protocols, in part to ensure for the continuity of business, but also to allow for data security measures from home office environments. Given the increased usage of online conferencing tools as a way to stay connected with coworkers, friends and family, consider employee policies around safe online conferencing as a way to reduce the threat of unwelcome visitors in your business meetings or compromising your business conference accounts.

6 Tips to Protect Your Remote Workforce

If your business is implementing a work-from-home strategy, review these six recommendations below. You can find additional tips to secure, protect, and preserve the well-being of your work-from-home employees in Sontiq’s shareable COVID-19 Scams and the Remote Workforce infographic.

Develop or update your Work-from-Home policy, specific to secure network connections, use of business equipment for business-only purposes, and data access.
Create policies that require strong passwords and provide clear guidance for employees on what to do if their devices are lost or stolen.
Together with strong passwords, employees should enable two-factor authentication (2FA) on all accounts. Requiring an additional level of security on all accounts and mobile apps can often thwart hackers from gaining access.
Educate employees on cybersecurity best practices on how to protect themselves from business email compromise schemes and other vishing and phishing tactics tied to coronavirus and other topics.
Provide mobile threat protection and deploy online PC protection tools to protect employees from keyloggers, spyware, ransomware, and other malicious code on mobile phones, laptops, and desktop devices.
Require employees to transfer and backup files using company-approved, secure means, including cloud storage with proper security protocols activated.