This article was written and produced by Brandon Agostinelli, FoxPointe Solutions, a division of The Bonadio Group. Looking to get in touch with Brandon? Reach out today: firstname.lastname@example.org.
As part of our everyday lives, both in and out of the workplace, having a heightened awareness for information security is getting more important by the day. As innovation in technology heavily influences how our government, business, and day to day lives operate, new potential methods of exploitation are discovered by criminals every step of the way. But in this case, the COVID-19 global pandemic has forced many people out of a job and has also forced people to rely on technology in every aspect of their lives, both in and out of work. Whether that’s something as simple as working from home, receiving Telehealth services, or online communication, people have had to leverage technology more than ever before to try to maintain their lives throughout this pandemic. With over three million Americans now out of work, worries over keeping food on families’ tables and making rent and mortgage payments are now at the center of people’s minds. This increased anxiety caused by the COVID-19 outbreak has yielded more opportunity for cyber criminals to attempt to exploit people. The amount of stress on the average person caused by a crisis such as this makes them more likely to make behavioral mistakes when online. Below are a few examples of common exploitation that we are seeing in larger numbers due to the pandemic:
- Phishing Emails: Cybercriminals are very good at creating emails and messages that play to current topics and stories to grab people’s attention and interest, therefore making them more vulnerable to clicking on a link that they would otherwise avoid. Emails describing what people can do to limit their exposure, reporting on infection statistics, and communicating information on potential cures are all examples of messages that are being used by cybercriminals to get your attention. Trustworthy sources are often used by cybercriminals in order to trick you and make it more difficult to tell that it is a phishing email.
- Remote Work: People who are fortunate enough to still be working through this pandemic are being required to work remotely (usually from home) in large numbers. Cybercriminals are attempting to take advantage of this by exploiting the mass use of virtual private network (VPN) technology, which is a recommended best practice remote work solution. Cybercriminals have tried to exploit the increase in demand for VPN usage with targeted attacks such as tricking users into downloading malicious software (malware) acting as a VPN solution and by stealing users’ credentials via phishing (as described above).
- Social Engineering: Now that almost all communication in both our business and personal lives is done digitally or via phone, cybercriminals are more motivated to utilize social engineering to gain access to information, money, etc. Whether it’s criminals posing as a family member when calling elderly relatives or posing as you when calling the human resources department at work, it happens and is happening more because of this pandemic. It is vitally important that the identity of anyone requesting access to protected information is verified.
In addition to everyone’s worry and need to continue to provide for their families, it is important that we all remain vigilant when interacting with people online and never reveal personal or financial information in an email, and do not respond to requests for that information. Cybercriminals are not sympathetic to what is going on in people’s lives; instead, they use people’s anxiety and suffering to further exploit them. Go out of your way to support those in need any way possible and help educate others on the importance of general information security awareness, especially during a time like this.
For more in-depth information risk management updates, feel free to visit FoxPointe Solutions's website, a division of The Bonadio Group, by clicking the link below.
The information and advice we are providing for this matter relates to COVID-19 legislative relief measures. Because legislative efforts are still ongoing, we expect that there may be additional guidance and clarification from regulators that could modify some of the advice and information provided to you, after the conclusion of our engagement. We therefore make no warranties, expressed or implied, on the services provided hereunder.