The COVID-19 outbreak offers opportunity for hackers. For example, there’s malware embedded in some
            live maps of the virus’ spread. COVID-19 themed malware that wipes a computer clean is also circulating.
            Firewalls and anti-malware programs are a first line of defense for small businesses. These programs
            must use automatic updating for maximum protection so they can detect the latest threats.

            Workers now operating from home are exposing their company’s data and networks. They’re using home
            Wi-Fi, and many are searching on non-approved or dangerous websites. Restricting search for remote
            workers is tricky but is possible through a secure search engine such as GOFBA. This platform limits
            malware by stopping users from reaching suspicious sites, while still allowing them to access information
            that pertains to their jobs. Small business staff should also limit their information gathering about the
            COVID-19  epidemic  to  established  news  and  health  organization  sites.  Unknown  sites  filled  with
            information about pandemic “cures” or various conspiracy theories and other content are likely filled with
            malware.


            2. Prevent Phishing

            Phishing schemes are simple. A hacker creates a formal-looking email and sends it out to a large group
            of  recipients.  Their  goal  is  for  someone  to  open  the  email  and  either  click  a  link  or  download  an
            attachment. That simple action then launches malware which infects the person’s computer and the
            linked company network. The hacker then controls the firm’s data, encrypts it, and holds it for ransom.

            The pandemic provides ample material for phishing schemes. Emails touting fake COVID-19 tests or
            miracle cures prey on people’s fear about the virus. Other emails pushing for donations to charities prey
            on people’s willingness to help, while directing money to fraudulent accounts. Many phishing emails
            mimic communications from local government agencies or the CDC, with official-sounding messages
            about pandemic news or recommended actions.

            Small businesses workers must read about the dangers of such emails, and how to recognize fake and
            dangerous communications.  The typical phishing email gives itself away with some clues:

               •  Amateurish design with outdated graphics and feel
               •  Unprofessional-sounding content with misspellings
               •  Odd URLs that do not match the company/organization (users can hover their mouse on links to
                   see the destination address)
               •  The email asks the recipient to confirm personal information, such as “Enter your SSN to see if
                   you qualify for free COVID-19 testing”
               •  Messages that play on panic and suggest urgent action are very often phishing schemes

            Remote employees need a better understanding about phishing emails and should err on the side of
            caution before clicking any links or attachments. Remind the employees that deleting the email is the
            safest move.

            3. Properly Manage BYOD

            With a massive move towards remote work comes the need for laptops and phones to connect to work.
            Some firms provide employees with devices. Others use a BYOD, or “Bring Your Own Device” policy that
            allows employees to utilize their personal device to access work software.





            Cyber Defense eMagazine –July 2020 Edition                                                                                                                                                                                                                         64
            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.