Combating Cyber Threats In The Age Of COVID-19

The pandemic, which has increased remote access to sensitive data, has created new opportunities for cybercriminals. Here are some threats to watch out for.

The COVID-19 pandemic has led online scammers to launch new, and too often successful, ways to hack into computers and steal people’s information and money. The vast increase in people working remotely has compounded the risks of data breaches through technological vulnerabilities and human error. Scammers are focusing on social engineering and any schemes they can come up with that will make people open attachments, download apps, or enter their confidential information.

As experts have reported significant increases in the frequency of cyber attacks of all kinds, now is a good time for businesses to take stock of their defenses against such unauthorized intrusions, which include:

• Emails from “spoofed” email addresses that look like legitimate company addresses and try to fool workers to send or wire money to an account or provide confidential company information.

• Emails that try to fool workers into clicking on links to malware that infects computers or to trick people into entering their usernames and passwords for their email or computer systems, such as:

    • Emails targeting people working from home that purport to be from their work and contain a link to a website (work-related website or DropBox, etc.) and prompt the user to log in remotely, then exports the login credentials to the scammer.
    • Emails purportedly from the World Health Organization claiming to contain attachments with important health information.
    • Emails purportedly from the government and asking for credentials so the person can receive a stimulus check.
    • Emails offering COVID-19 testing that include a link that supposedly goes to a map of nearby test centers.
    • Emails disguised as coming from an electronic signature company (DocuSign, etc.) indicating they have a document that requires their signature and encouraging recipients to open a link or a file containing the important document. However, the file is not a document at all—it’s malware that immediately infects computers and could potentially spread to an entire network.•

• Efforts to hack into videoconferences, such as those conducted on apps such as Zoom or Bluejeans.

It is of course prudent for every business to take measures to prevent data breaches at all times, but the increased vulnerabilities brought on by the COVID-19 pandemic make it especially important. Not only do businesses want to stop cyber criminals from stealing their own important data and confidential information or holding it for ransom, but they have ever-expanding legal obligations to take reasonable measures to protect the privacy of other people’s data and information that they possess.

Per the American Bar Association’s ABA Cybersecurity Handbook, the emerging legal standard requires all businesses to engage in a process to “assess risks, identify and implement appropriate security measures responsive to those risks, verify that the measures are effectively implemented, and ensure that they are continually updated in response to new developments.” Furthermore, recent court decisions indicate a potential trend toward imposing upon corporate directors an obligation to monitor management’s compliance with a business’s cybersecurity and data privacy obligations.

The cyber threats emerging from the COVID-19 crisis should be a motivation for all businesses to engage in a deliberate process to determine if any changes in their approach to cybersecurity are warranted by the increased threats, or at least to remind their management and workforce of the best practices to minimize their cyber and legal risks. No matter where a business stands in its cybersecurity program, there are a few, relatively inexpensive things that it can do at this juncture.

• Alert its workforce to the nature of COVID-19-related email scams.

• Advise all videoconference app users to activate and use the app’s security features.

• Implement or reiterate effective company policies concerning passwords; the identity, handling and disposal of confidential information and information security, including hard copy documents and electronically stored information and data; and those policies requiring verification of wire transfer requests.

• Give serious consideration to implementing multi-factor authentication for logins to company network systems.

• Follow the detailed advice available on the website of the Cybersecurity and Infrastructure Security Agency, which is part of the Department of Homeland Security.

Implementing the above protocol may minimize the risk of a breach and subsequent legal repercussions – especially for companies that have transitioned employees to home-working environments, away from the watchful eye of IT. While these steps provide best practices to mitigate the most common threats that businesses currently face, it is crucial for organizations of all sizes to understand the dynamic nature and growing sophistication of cyber attacks. Cyber criminals will continue to thrive on the disarray generated by the COVID-19 crisis, making defensive measures all the more pertinent for companies to avoid preventable costs and interruptions at an unprecedented time.


MORE LIKE THIS

  • Get the CEO Briefing

    Sign up today to get weekly access to the latest issues affecting CEOs in every industry
  • upcoming events

    Roundtable

    Strategic Planning Workshop

    1:00 - 5:00 pm

    Over 70% of Executives Surveyed Agree: Many Strategic Planning Efforts Lack Systematic Approach Tips for Enhancing Your Strategic Planning Process

    Executives expressed frustration with their current strategic planning process. Issues include:

    1. Lack of systematic approach (70%)
    2. Laundry lists without prioritization (68%)
    3. Decisions based on personalities rather than facts and information (65%)

     

    Steve Rutan and Denise Harrison have put together an afternoon workshop that will provide the tools you need to address these concerns.  They have worked with hundreds of executives to develop a systematic approach that will enable your team to make better decisions during strategic planning.  Steve and Denise will walk you through exercises for prioritizing your lists and steps that will reset and reinvigorate your process.  This will be a hands-on workshop that will enable you to think about your business as you use the tools that are being presented.  If you are ready for a Strategic Planning tune-up, select this workshop in your registration form.  The additional fee of $695 will be added to your total.

    To sign up, select this option in your registration form. Additional fee of $695 will be added to your total.

    New York, NY: ​​​Chief Executive's Corporate Citizenship Awards 2017

    Women in Leadership Seminar and Peer Discussion

    2:00 - 5:00 pm

    Female leaders face the same issues all leaders do, but they often face additional challenges too. In this peer session, we will facilitate a discussion of best practices and how to overcome common barriers to help women leaders be more effective within and outside their organizations. 

    Limited space available.

    To sign up, select this option in your registration form. Additional fee of $495 will be added to your total.

    Golf Outing

    10:30 - 5:00 pm
    General’s Retreat at Hermitage Golf Course
    Sponsored by UBS

    General’s Retreat, built in 1986 with architect Gary Roger Baird, has been voted the “Best Golf Course in Nashville” and is a “must play” when visiting the Nashville, Tennessee area. With the beautiful setting along the Cumberland River, golfers of all capabilities will thoroughly enjoy the golf, scenery and hospitality.

    The golf outing fee includes transportation to and from the hotel, greens/cart fees, use of practice facilities, and boxed lunch. The bus will leave the hotel at 10:30 am for a noon shotgun start and return to the hotel after the cocktail reception following the completion of the round.

    To sign up, select this option in your registration form. Additional fee of $295 will be added to your total.