Page 64 - Cyber Defense eMagazine for July 2020
The COVID-19 outbreak offers opportunity for hackers. For example, there’s malware embedded in some
live maps of the virus’ spread. COVID-19 themed malware that wipes a computer clean is also circulating.
Firewalls and anti-malware programs are a first line of defense for small businesses. These programs
must use automatic updating for maximum protection so they can detect the latest threats.
Workers now operating from home are exposing their company’s data and networks. They’re using home
Wi-Fi, and many are searching on non-approved or dangerous websites. Restricting search for remote
workers is tricky but is possible through a secure search engine such as GOFBA. This platform limits
malware by stopping users from reaching suspicious sites, while still allowing them to access information
that pertains to their jobs. Small business staff should also limit their information gathering about the
COVID-19 epidemic to established news and health organization sites. Unknown sites filled with
information about pandemic “cures” or various conspiracy theories and other content are likely filled with
malware.
2. Prevent Phishing
Phishing schemes are simple. A hacker creates a formal-looking email and sends it out to a large group
of recipients. Their goal is for someone to open the email and either click a link or download an
attachment. That simple action then launches malware which infects the person’s computer and the
linked company network. The hacker then controls the firm’s data, encrypts it, and holds it for ransom.
The pandemic provides ample material for phishing schemes. Emails touting fake COVID-19 tests or
miracle cures prey on people’s fear about the virus. Other emails pushing for donations to charities prey
on people’s willingness to help, while directing money to fraudulent accounts. Many phishing emails
mimic communications from local government agencies or the CDC, with official-sounding messages
about pandemic news or recommended actions.
Small business workers must read about the dangers of such emails, and how to recognize fake and
dangerous communications. The typical phishing email gives itself away with some clues:
• Amateurish design with outdated graphics and feel
• Unprofessional-sounding content with misspellings
• Odd URLs that do not match the company/organization (users can hover their mouse on links to
see the destination address)
• The email asks the recipient to confirm personal information, such as “Enter your SSN to see if
you qualify for free COVID-19 testing”
• Messages that play on panic and suggest urgent action are very often phishing schemes
Remote employees need a better understanding about phishing emails and should err on the side of
caution before clicking any links or attachments. Remind the employees that deleting the email is the
safest move.
3. Properly Manage BYOD
With a massive move towards remote work comes the need for laptops and phones to connect to work.
Some firms provide employees with devices. Others use a BYOD, or “Bring Your Own Device,” policy that
allows employees to use their personal devices to access work software.
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.