How to Keep Business Data Protected During the Pandemic

The COVID-19 pandemic has disrupted businesses across the globe, with employees having to work from home while worried about their health and the economy.

How to Keep Business Data Protected During the Pandemic

The COVID-19 pandemic has disrupted businesses across the globe, with employees having to work from home while worried about their health and the economy.

Unfortunately, the pandemic has been a boon to hackers exploiting the anxieties to launch more cyberattacks, preying on the fears and uncertainty employees are facing.

What Types of Schemes Are Emerging During the COVID-19 Pandemic?

The U.S. Department of Homeland Security and the U.K.National Cyber Security Centre issued a joint alert recently calling attention to the growth in cyberattacks. The confluence of the pandemic and more people using home WiFi networks, personal devices, and unfamiliar technology has created ample opportunities.

The agencies “are seeing a growing use of COVID-19-related themes by malicious cyber actors. At the same time, the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat to individuals and organizations,” noted a release.

Many of the attempts use emails purportedly from trusted health care officials or agencies. The emails contain attachments or links to websites, with an urgent message that there is information available on the health crisis or economy. However, websites are likely malicious. In mid-March 2020, security software maker Sophos identified 1,700 malicious domains (1,200 of which were active) with “corona” or “COVID” in their title.

Clicking on an attachment or to a website can lead to malware installed on the reader’s computer. Thee programs can be used to steal or delete valuable data or lockout websites and systems in a ransomware attack.

The federal agencies noted the phishing schemes, malware attempts, and domain registrations as the most common COVID-19-related threats. The other most common risk is from attacks on newly and rapidly deployed software for telework.

One of the most popular newly used programs is Zoom, which saw exponential growth in March, hitting 200 million daily users, up from a 2019 daily high of 10 million users. Zoom issues include an increase in “zoombombing” attacks that let in unwanted participants who disrupted school sessions and meetings. Besides, security flaws identified in recent weeks prompted the company to change many of its default settings and revise its privacy policy.

Other phishing attacks target instant messaging programs with urgent texts about the virus or government payments to individuals and businesses.

How Can Businesses Protect Their Data and Systems?

Here are some tips to make it more difficult for hackers to infiltrate your business systems:

  • Be skeptical of emails from unknown sources. Hover over the From field or any website links to assess validity. If in doubt, delete
  • Businesses like Google, Apple, and Microsoft will not contact you, asking for account information or passwords.
  • Do not make virtual meetings public or use social media to publicize them.
  • Use Zoo security settings such as restricting screen sharing, requiring a password to join, and activating Waiting Rooms, which lets the host grant entrance to participants.
  • Require stringent password protection and force users to change passwords frequently.
  • Use multi-factor authentication for access to apps and sensitive company data.
  • Encourage employees to update new software tools regularly to install new security fixes and features.
  • Hold employee education sessions to make workers aware of the cyberattacks and what to look for in emails.
  • Do to share account, password, or login information with callers or over email.

The Technology Advisory Group helps New England businesses with cybersecurity and managed technology services. Our security teams are ready to help you during this challenging time.

Our services include risk and gap analyses, sensitive-data inventory, third-party vendor review, user security testing, including phishing tests, and employee security training. To learn more about your cybersecurity services, contact us today.