Hackers and scammers are always quick to exploit a crisis, and the coronavirus is no different. Businesses need to continue to be vigilant and ensure their networks and data are secure as new threats and scams emerge alongside existing ones. Whether you have converted to a remote work set-up or are continuing to work in similar fashion to pre-coronavirus times, security must be top of mind going forward.
There are plenty of coronavirus-related scams going around, and they look to prey upon individuals and businesses alike. They may pertain to the virus itself or to government money, such as the Paycheck Protection Program (PPP) or other financial matters. Don't be fooled.
The Federal Trade Commission has some advice on how to avoid such scams, and this information should be shared with employees, especially any who are using company devices or networks (1). The advice is summed up in the following infographic:
Image via FTC.gov
Scammers may be looking to install malware on the victim's device, so educating your employees on the existence of these scams and how to avoid them is critical to protecting your business.
Video conferencing has never been more popular in the workplace (or virtual workplace) as numerous businesses have enabled remote work options so that productivity can remain, even if other aspects of the business have been disrupted. While there are multiple platforms commonly used, Zoom has been in the news a lot as a frequently used option. Unfortunately, many of the stories have been about how meetings are being infiltrated by people making threats, using obscene language and hate speech, sharing pornographic materials, etc.
Zoom says that if you are having a public meeting, the host should make sure they are the only one who can share their screen (2). Otherwise, have a private meeting that requires a password to enter. Similar practices should be observed for other video conferencing platforms. Be sure you can control the meeting or that only trusted people have access.
The coronavirus has hit the economy incredibly hard, and a record number of people have lost their jobs. While most will understand why such a difficult decision had to be made, there is still the chance that an employee upset about the loss of their job or hours or a reduction in compensation may look to wreak havoc.
"Organizations can reduce the risks by removing over-privileged users, such as local administrators or power users on systems, before they get moved to unsecure home networks, thus reducing the risk of those privileged accounts getting compromised," says Joseph Carson, Chief Security Scientist and Advisory Chief Information Security Officer at Thycotic in a Security Magazine article (3). "Using the principle of least privileged will allow employees to continue doing their job staying productive while reducing the risks of abusing privileges."
He notes that monitoring privileges reduces the risks of employees abusing permissions and access. Of course, you would want to remove access when an employee is let go, as well.
Change passwords and passcodes
If there is ever a concern that a specific app, account, or device, or even your whole network, has become compromised, be sure to change passwords and passcodes accordingly. Even if you have been compromised, changing these should help prevent further access by restricted parties.
It's also a good idea to change passwords and passcodes on a regular basis. This adds a layer of protection that can prevent unwanted access.
To keep your bank account(s) safe, refrain from sharing your account number with anyone that doesn't absolutely need it. Check your accounts every day to ensure there are no fraudulent transactions being made. Use strong passwords, and make sure you aren't accessing your account on an unsecure network.
Check with your bank to see what protections are offered, and what you can do to ensure your account is safe.
As a small business owner, security has no doubt been a priority for you in the past. While you may be facing enormous new challenges, don't let them keep you from taking security just as seriously as ever. Learn to recognize emerging threats and prevent scams and fraud from hurting your business during this critical time.