The coronavirus has impacted several countries across the world, forcing businesses to adapt to new ways of getting work done. For many businesses, this means supporting a suddenly remote workforce.
To best protect their employees in the face of coronavirus-related email scams, companies can deploy technology solutions that help detect and prevent common hacking techniques like phishing.
Cybercriminals have adapted to COVID-19
Unsurprisingly, cybercriminals have modified their phishing and social engineering techniques and are using the panic, fear, and curiosity surrounding the coronavirus pandemic to launch cyber attacks.
In March 2020, Security Magazine reported that coronavirus-related spear phishing attacks increased 667% from a month prior. These phishing attacks included general scams, brand impersonation, and business email compromise.
|Examples of COVID-19 cyber scams:|
If you are a victim of a phishing scam
Victims of phishing scams can file a complaint with the US Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3).
Changing the passwords of accounts that may have been compromised in a phishing attack is one way to prevent further scams. These scams lure victims into entering account usernames and passwords on a fake credential-harvesting website. Users can also rely on password manager software to manage strong and unique passwords across their business and personal accounts. These tools reduce the burden of remembering multiple passwords while also informing users when their passwords have been compromised.
Using multi-factor authentication (MFA) on important business and personal accounts can help better secure user accounts. The most common factor used to prove a user's identity is knowledge, tested through challenges such as supplying a username and password. But with the rise in password hacking, using only one factor of authentication often does not provide enough security.
MFA is a way to prove, using multiple means, that users are indeed who they say they are. Often, MFA can be achieved with one-time passcodes sent to users via SMS, email, or voice calls. It can also be performed using software tokens on authenticator apps or hardware tokens that use physical security keys. Biometric authentication, using fingerprint, face print, or voice print validation, is also gaining popularity with consumers.
Combatting COVID-19 scams by employee training
A relatively easy solution for businesses to combat coronavirus-related phishing attacks is to educate employees about the types of phishing attacks they may encounter and how to respond. Appropriate actions could include not clicking links, marking an email as spam or phishing, and informing the company security or IT teams. Regular security awareness training empowers employees to take the right actions when confronted with cyber threats. Security awareness training software generally offers online security coursework, simulated attacks, and assessment tools to train a workforce at scale.
Although training is a generally simple solution, another recent survey conducted by G2.com on the security of over 600 full-time remote workers found that 55% of remote employees had no security awareness training, which leaves many companies at risk for security breaches and data loss.
To protect employees at an individual level, especially to reduce blackmail-related attacks, businesses can offer their workforce employee identity theft protection solutions. These solutions monitor an employee's personal information (including sensitive information like usernames and passwords, social security numbers, insurance or medical information, phone numbers, and more) on dark websites used by cybercriminals. In the event of a personal breach, many employee identity theft protection solutions offer identity theft insurance along with credit restoration services.
Protecting business emails
Even though many businesses use internal communications software to communicate with employees, email remains a popular external communication method and, therefore, a primary attack vector for cybercriminals.
In addition to providing staff security awareness training, companies can reduce the number of email scams and phishing attacks being sent to employees using software solutions. For example:
- Email anti-spam software can prevent emails with malicious links and attachments from being delivered to employees in the first place. These tools scan emails for potential threats and then block suspicious emails from being delivered to the end recipient.
- Cloud email security software can help prevent phishing scams by similarly blocking malicious emails, and it can also prevent data loss.
There are even more sophisticated email protection tools, such as intelligent email protection software, which helps companies prevent email-based attacks and data loss. Intelligent email protection software uses contextual machine learning to understand employee email usage and develop a baseline on which to assess cyber threats related to emails. These solutions filter both incoming and outgoing emails and block unauthorized emails from being sent or received. These tools are particularly useful in combating insider threat and social engineering-based attacks, where cybercriminals use sophisticated deception methods to trick users into giving up sensitive information.
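The baseline idea described above can be illustrated with a small added example, which is not code from any product mentioned here. It substitutes simple header heuristics for machine learning, and the messages, domains, reason labels and the 0.85 similarity threshold are all constructed assumptions:

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed sample mail: past messages form the baseline, two new ones are assessed.
HISTORY = [
    "From: Dana Reyes <dana.reyes@corp.example>\nSubject: Q1 invoice\n\nSee attached.\n",
    "From: HR Team <hr@corp.example>\nSubject: Benefits\n\nReminder.\n",
]
INCOMING_OK = "From: HR Team <hr@corp.example>\nSubject: Remote work policy\n\nUpdated.\n"
INCOMING_BAD = ("From: HR Team <hr@c0rp.example>\nReply-To: hr-desk@mail.test\n"
                "Subject: COVID-19 relief payment\n\nConfirm your login.\n")

def sender(msg):
    """Return (display name, address) of the From header, lower-cased."""
    name, addr = parseaddr(msg.get("From", ""))
    return name.lower(), addr.lower()

def domain(addr):
    return addr.rsplit("@", 1)[-1]

def build_baseline(history):
    """Map each display name seen in past mail to the addresses that used it."""
    baseline = {}
    for raw in history:
        name, addr = sender(message_from_string(raw))
        baseline.setdefault(name, set()).add(addr)
    return baseline

def assess(raw, baseline, lookalike=0.85):
    """Return the reasons an incoming message deviates from the baseline."""
    msg = message_from_string(raw)
    name, addr = sender(msg)
    dom = domain(addr)
    known = {domain(a) for addrs in baseline.values() for a in addrs}
    reasons = []
    # A familiar display name arriving from an address never seen with it.
    if name in baseline and addr not in baseline[name]:
        reasons.append("display-name-new-address")
    # A sender domain that is close to, but not equal to, a baseline domain.
    if dom not in known and any(
            SequenceMatcher(None, dom, k).ratio() >= lookalike for k in known):
        reasons.append("lookalike-domain")
    # Replies routed to a different domain than the visible sender.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and domain(reply_to) != dom:
        reasons.append("reply-to-mismatch")
    return reasons
```

A filter built this way would quarantine or tag a message when assess returns any reason, and the baseline only becomes useful once it covers enough legitimate mail per recipient.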
The way forward
Scammers will take advantage of times of uncertainty such as the coronavirus pandemic to launch phishing scams and other cyber attacks. But with employee awareness and technological solutions in place, businesses can reduce the threat these scams pose to their employees, customers, and ultimately their business reputation.