To accomplish these critical tasks, businesses quickly deployed new tools, such as Microsoft Teams for communication and collaboration, and Zoom for videoconferencing. The combination of new technologies and disrupted work has meant a rapid rise in cyberattacks, as hackers try to exploit vulnerable people and companies.
Why is the new work model so attractive to cybercriminals? It’s a perfect storm. Companies have to rely on employees working on their home WiFi networks and, in many cases, with personal devices. Those same employees have to use new methods to connect to employer networks and files while figuring out how to use unfamiliar technologies.
During the COVID-19 crisis, hackers are preying on innate emotions — fear, anxiety and financial insecurity. The combination makes it far easier for attackers to launch successful assaults. Businesses face considerable risks given the frequency of attacks and how perpetrators are designing attacks.
As in most typical phishing attacks, hackers use email as the common attack mode. Emails often appear to be sent from an official from a local public health agency, the Center for Disease Control and Prevention or the international World Health Organization.
Many phishing attacks in circulation claim to contain vital health information about the pandemic. Others claim to be from a hospital, claiming that a relative is hospitalized and needs money to pay for treatment. Some others allegedly come from a federal agency, such as the Federal Bureau of Investigation or the Internal Revenue Service.
These attacks often contain attachments or links to websites. In both cases, a click can lead to malware being injected into the user’s computer. This malware can infect your company’s network, leading to data theft, data destruction or a ransomware attack.
For example, the WHO reported in late April it had seen a five-fold increase in cyberattacks against the organization compared to the same period a year ago. The agency reported that 450 emails belong to current and retired employees leaked online. Scammers were using the email addresses to defraud donors thinking they were donating to a WHO fund to a fund supporting the COVID-19 response.
Zoom has also been a prime target, with unwanted visitors “zoombombing” meetings and classes with disruptions ranging from loud music to pornography to racist comments. In response, the company has tightened up several default settings to keep sessions better protected.
Employee education is the top defense against phishing attacks. Help your employees spot potential attacks and respond proactively. As part of a comprehensive cybersecurity strategy, education helps keep many attacks from ever doing any damage. Here are tips to help employees working remotely: