Cybercriminals are taking advantage of panic around COVID-19 to develop new ways to infiltrate accounts and networks with malware and ransomware, as we previously wrote about. Often, scam artists pique users’ curiosity by sending them to fake COVID-19-related websites, then redirecting them to fake sites that prompt them to enter their user credentials.
In the time since that article was published, the situation has only gotten worse: the FBI’s Internet Crime Complaint Center has received more than 3,600 complaints about coronavirus-related scams.
We shared details on how users themselves can avoid such scams, but what can companies do to combat them—especially when most employees are still working remotely, in some cases on their own devices, and in others on company-owned equipment?
Here are some strategies for keeping your employees and company data safe:
1. Provide a virtual training session on coronavirus-related phishing scams
Hold a web conferencing session with your employees where you can walk through a series of examples of coronavirus phishing emails and SMS messages. Advise them not to click on links from sites that they haven’t interacted with in the past, and to mark suspicious emails as spam.
2. Run a simulated phishing test
If you want to know how susceptible your employees are to falling victim to COVID-19-related scams, the best way is to run one yourself—in a risk-free environment. In a simulated phishing test, your company can generate an email or SMS message similar to those that hackers might send, and run a report to determine how many employees click the link in the email. This can help you ID which departments or employees may need more training or more administrative control.
3. Make sure that your network security is protected
Coronavirus-related scams aren’t the only types of cybercrime that can infiltrate your network. While awareness helps, the best thing you can do is take steps to safeguard your network security and data. Strategies for doing this include:
- Set up a virtual private network (VPN), which will create a private network across your employees’ public networks, allowing them to privately share files and data.
- Use single sign-on (SSO), which will allow users to access all of their work apps with a single password. The SSO authentication is tied to their IP address, ensuring that even if a scam artist obtained the password, they wouldn’t be able to log in.
- Use enterprise grade collaboration tools. If your company is new to remote work, you might have set up the simplest free tools for employees to use, but that can be a big security risk—with tools like Zoom, for example, many companies have unwittingly found themselves “Zoombombed” by intruders, or have had their passwords hacked.
In order to keep your company safe, focus on building and training your team on strong, secure policies, backed up by best-in-class technology. Make sure your employees understand best practices for staying safe online and protecting your company’s data, and give them the education to help them avoid falling victim to COVID-19 scams or other cybercrimes. By setting up a strong infrastructure for online security, you ca