With the sudden increase in online activity due to COVID-19, the world is also seeing the spread of another terrible thing: cyberattacks. In recent weeks, reports have shown that many ransomware hackers are taking advantage of public fears surrounding COVID-19, largely by using phishing emails that encourage you to click on an infected link or attachment.
“We see behavior where [attackers] will break into organizations and actually lie dormant,” says Rob Lefferts, corporate vice president of Microsoft 365 security. “Both because they’re doing reconnaissance but also because they are apparently estimating what is the moment in time when that organization will be most vulnerable and most likely to pay.”
Other strategies are even more devious: fake coronavirus tracking apps or informational websites that are really just malware-ridden traps set for unsuspecting users.
Posing as Global Health Authorities
Scammers are posing as national and global health authorities, including the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC). They are sending phishing emails designed to trick recipients into downloading malware or providing personal identifying and financial information. Use sites like coronavirus.gov and usa.gov/coronavirus to get the latest information.
Be wary of any emails claiming to be taking relief donations for COVID-19. Hackers may take the opportunity to scam users with phishing emails. An organization is not authentic just because it uses words like “COVID-19” or “coronavirus” in its name or has reputable looking seals or logos. Evaluate the legitimacy of various charities at the following websites: Charity Navigator, Charity Watch, GuideStar, or the Better Business Bureau’s Wise Giving Alliance.
Be especially vigilant before giving donations through peer-to-peer or social networking websites, as it is difficult to verify that your donation will be used properly. This includes texts or messages you might receive online. Never donate using cash, gift card, or wire transfer. Use a credit card whenever possible.
Take Every Precaution
Make sure you are following some cybersecurity basics, such as:
- Use strong passwords or two-factor authentification when possible.
- Keep all your hardware and software up-to-date.
- Back up all important files and store them separately from your main systems such as the cloud.
- Ensure you have the latest anti-virus software installed on all systems and mobile devices.
- Educate staff about best practices in light of increased risks.
- Design an incident response plan in the event of a cyberattack.
When it comes to your email, do not click on links or open attachments which you were not expecting or that come from an unknown sender. If you’re unsure, hover over the link to check the URL it’s taking you to. If you don’t recognize it or it seems to be illegitimate, do not click on it!
Don’t put yourself at risk. Cybersecurity is important for small business owners to protect their proprietary data and the personal data of employees and customers.
If you’d like to start or expand your Indianapolis-area business, the Build Fund, operated by Renew Indianapolis, may be able to connect you to flexible, affordable, and responsible funding options for your business. Start the process now!