The COVID-19 pandemic is a perfect storm of opportunity for cybercriminals. These people understand that times of rapid transition can cause serious disruptions for organizations.
Getting back to basics
1. Phishing
According to COMPUTERWORLD, the word phishing was coined around 1996 by hackers stealing America Online accounts and passwords. By analogy with the sport of angling, these Internet scammers were using e-mail lures, setting out hooks to “fish” for passwords and financial data from the “sea” of Internet users.
Phishing represents 98% of social incidents and 95% of all breaches investigated. By simply keeping yourself and your employees informed and up to date on new phishing techniques, you can avoid falling prey to a scam.
It’s important for everyone to be extra vigilant with emails. If any one ever asks you for personal information or to purchase something over an email (whether or not they are from your company), always assume it is a phishing email. If you are not expecting to receive an email that has an attachment or a link, just don’t open it.
2. Malicious Email Attachments
If an email or email attachment seems suspicious, don’t open it, even if your antivirus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the antivirus software might not have the signature. At the very least, contact the person who supposedly sent the message to make sure it’s legitimate before you open the attachment.
3. Effective Passwords
The core rules about password hygiene still stand. Use a different password for every account, and make your passwords hard to guess. But cybersecurity experts say you can toss out three old rules: Never write your passwords down, don’t tell anyone your passwords and change your passwords frequently.
4. Restrict Employee Administrative Rights
Limiting users access might seem like an inconvenience for some, but mitigating the significant risks and costs associated with running with Administrator access, is well worth any inconvenience. We have seen firsthand the devastation that can occur when malware can run with full admin access. The cost for your business could be well over $10,000.
