Coronavirus disease 19 (COVID-19) is a respiratory illness that can spread from person to person. COVID-19 originated in China and has been declared a global pandemic by the World Health Organization. As countries, states, and communities take preventive measures to reduce the spread of COVID-19, more businesses are allowing their employees to work remotely. It’s important to understand how this situation may affect your cyber security hygiene.
• As with most significant global events, cyber criminals will leverage the event against potential targets to advance or achieve a malicious goal. This is most often carried out through phishing attacks. The cyber criminals send emails claiming to be from organizations that a recipient might expect to hear from, considering the current event. For example, with the COVID-19 disease, the emails may appear to come from a government health organization such as the CDC or other health care authorities. Users should be aware of this tactic and utilize good cyber security hygiene to include:
o Understand a government organization will never ask for your personal information in an email!
o Check the email address of the sender; don’t rely on the name that is displayed, and inspect the elements of the email address, especially the domain information (after the @ sign).
o Inspect any web links before clicking on them, by hovering over the URL with your mouse cursor to see where it directs to.
o As with any possible phishing email, watch for grammatical and spelling mistakes, and delete any emails that appear suspicious.
o Also, avoid emails that utilize generic greetings or are trying to instill a sense of urgency for you to act.
o Don’t open any attachments from ANYONE unless you are expecting the attachment!
• Businesses should review, and where needed, update their Business Continuity of Operations Plans, to include backing up critical business data (local and off-site) and testing those backups to ensure you can recover using the backups.
• If you or your employees are able to work remotely, take the following into consideration:
o Ensure that your business has a current cyber security policy that includes remote working.
o Utilize a trusted VPN utility to connect to work resources when on any network outside the business.
o Plan for non-business owned devices to connect to your organization or process business information.
o Identify, test and utilize a collaboration tool that can be used among coworkers while working remotely.
o Don’t store sensitive business information in an insecure environment (home office, external unencrypted hard drive, open laptop, a public folder residing in the cloud, etc.)
o Identify who will provide IT support to remote workers and how to contact that IT support resource.
About the Author: Troy Richardson is a Business Development Specialist at the South-West Texas Border SBDC Network