Entrepreneurs have been focused on holding their businesses together, facing office shutdowns, setting up a remote workforce and likely facing lower-than-planned for quarterly income during the COVID-19 crisis. In the meantime, though cyberhackers have been having a field day. Cyberhackers benefiting during COVID-19 because of the quick shift from in-office to remote workers.
Cybercriminals and hackers have taken advantage of the coronavirus pandemic and are making a profit from the scramble from an office setting to a remote workforce setting. If business owners, lawyers, accountants and those in the healthcare fields didn’t have measures in place for a situation like this, chances are their data is at risk – or has already been compromised.
A crisis management plan – also known as business continuity and disaster recovery plan (BCDR) – if there was one, would have set forth standard operating procedures if there was an exodus from the office. When the data and your employees leave the confines of the firewalls and other security settings in your office space – that is easier for your IT team to manage –- you’ve just opened the doors and virtually invited hackers in.
Cyberhackers Benefiting During COVID-19
How do cyberhackers gain entrance to your law firm?
- They perpetrate pandemic-related telephone scams
- They send phishing emails that allegedly come from someone in your firm and that offer “crisis” related content the recipient needs to open
- E-commerce frauds and offerings of high-demand products (disinfecting wipes, toilet paper, etc.)
Entrepreneurs were focusing on the physical health of their employees and on the financial health of their businesses but weren’t likely thinking about the “invisible” threat of a cyber attack. Because of this, hackers are using the current situation to their advantage and targeting work from home staff. Cyberhackers are benefiting during COVID-19 at a higher rate than they do during “normal” business operations.
Depending on the size of your IT department and the size of the staff for whom they are responsible the IT department may be more accustomed to resetting passwords, updating systems and monitoring onsite threats. With the move to a remote workforce the IT department was contending with setting these employees up with a remote access work from home set up, showing them how to access the office network and fielding software and hardware issues.
Security protocols for COVID-19
There may not have been time to implement security protocols to enhance the company’s cybersecurity assets. This is not laying blame on the IT staff – they were faced with an extraordinary situation and did the best with what they had.
Did you have a crisis management plan in place that set up ways in which to address a situation like this pandemic – or another situation that would result in employees needing to work from a remote location? If not, this should be at the top of your agenda – today, or as soon as you get back into your office. We will talk later about the potential for viruses of the computer kind to make their way back to the office network once employees come back.
Phishing scams are the easiest way for a hacker to gain entry to your computer network. The scam presents itself as a legitimate-looking email from someone within the firm. The recipient is given a link to click or a document to download and when they do, a virus is inserted into your system. The virus may infiltrate your system immediately or it may be set on a delay and will take over the network once everyone is back in the office. Email phishing scams are scarily effective because they to closely emulate a staff email that your unsuspecting employee would have no qualms about opening a document or clicking a link.
The virus and/or malware that is released into the system could hold it for ransom. A ransomware attack means the hacker has taken over your entire system and all its assets and data and the firm owner cannot retrieve or access the information until the ransom is paid – many times in the form of bitcoin. With your staff working remotely, the risk of a malware attack has increased exponentially.
Where are the cyberhackers coming from?
Many of the cyberattacks have been traced to hackers overseas – North Korea, Russia and China – and these attacks are typically perpetrated against businesses in Europe, the United States and Iran.
Cyberhackers benefiting during COVID-19 and you need to take steps to protect your company’s biggest asset, its data, from a cyberattack? Here are a few items:
- Opportunities to buy high-demand products
- Phone scams from “government” agencies
- Fraudulent emails that look like they come from your medical provider, bank or lawyer requesting you to take action by clicking a link or opening an attachment
It is up to you and your IT staff as well as the principles in the company to communicate regularly with remote staff and to implement cybersecurity measures. Open lines of communication and training that staff undertakes to prevent a clicking of a link or opening of a document that releases a malicious virus into your business system.
We save our clients time, money and offer peace of mind. Don’t let your business become a statistic. How to avoid crisis management plan mistakes and help prepare crisis management plans.
WareGeeks Solutions help organizations transform technology, operations and service delivery to meet business challenges. We seek to understand your business needs and apply our in-depth knowledge of Data Protection, Business Continuity and Disaster Recovery (BCDR) and Cyber Security whether in the cloud or your data center environments to drafting a roadmap for transformation.