We’ve seen a massive surge in cyber-attacks during the pandemic attacking any sector that’s open ranging from municipal governments, to healthcare, finance and even large consulting firms with cybersecurity advisory practices such as MNP. Phishing using COVID-19 as a lure has jumped 350% since mid-march. Background.
Cybercrime is targeted both business and individuals. Individuals are seeing texts and e-mails about COVID-19 benefit and relief programs. There has been a noted spike in so-called sextortion e-mail scams (Background)
For businesses, it is our expectation however that the full impact of COVID-19’s increase in cyber-attacks won’t be felt until the fall as most attackers take time after getting inside an organization to gain a sustainable foothold, map the organization, steal data and prepare for a ransomware or other extortion scam. We expect to see an uptick in data breaches and disruptions between September and December. This will result in even more economic damage to businesses of all sizes at time of weakness as a result of the pandemic.
What can businesses do?
1) Train employees about cybersecurity and phishing. 93% of successful malicious attacks come from phishing e-mails. Beauceron has made free training available on COVID-19.
2) Create a process for employees to report suspicious e-mails. Just deleting them removes a potential early warning sign you could use to educate your team.
3) Ensure no financial transactions are solely approved through e-mail. Make sure phone calls are required to validate authenticity of financial requests.
4) If your business uses Microsoft Office365, turn on multi-factor authentication. Need help? The folks at Bulletproof have Office365 experts.
5) Review your businesses’ cybersecurity and privacy plans including incident response plans. Don’t have one? Here are some free templates.