We’d like to think everyone’s attention is on how to avoid catching COVID-19 but that is not the case. Not only is COVID-19 spreading at a rapid pace, so is malware that is leveraging the pandemic for financial gains. We recommend communicating to employees to treat ALL emails regarding the COVID-19 outbreak with caution.
DHS announced that Social media platforms are increasing their vigilance about addressing and removing coronavirus conspiracies and cure hoaxes, such as ad blockers that try to exploit the situation. That helps reduce the threat from the social media vector but does not address risk from emails or other internet sources.
Some areas to consider to reduce risk to your organization during this pandemic:
Beware of scam emails which ask you to sign up or enter information. Some examples –
- The Center for Disease Control and Prevention. Sign up for alerts
- COVID-19 tracker maps. Use a reliable source such as HHS to avoid fakes
- Charities seeking financial help. Always go directly to the website and do not click on any links in the email.
- Resource availability for personal protective equipment like gloves, face masks and gowns.
Review your company’s Emergency Remote-work plan
- Assess who should work from home – roles and duties
- Use VPNs and multifactor authentication to prevent unsecure Wi-Fi networks from compromising your network
- Update and patch remote access systems
- Limit access to sensitive data
Evaluate Information Technology Readiness:
- Enhance system monitoring for alerts on abnormal activity
- Assess Incident Preparedness & Disaster Recovery Plans
- Review Supply chain impacts and identify alternate sources
Stay vigilant, communicate and continue with strong cybersecurity practices. Keep your staff updated on steps to protect your systems and patient information.
Free Informational Download
Additional useful links:
Walton, R. (n.d.). CISA Insights Risk Management for Novel Coronavirus. Retrieved from https://www.documentcloud.org/documents/6798491-CISA-Insights-Risk-Management-for-Novel.html
Security Tip (ST04-014). (n.d.). Avoiding Social Engineering and Phishing Attacks. Retrieved from https://www.us-cert.gov/ncas/tips/ST04-014
Security Tip (ST04-010). (n.d.). Using Caution with Email Attachments. Retrieved from https://www.us-cert.gov/ncas/tips/ST04-010
Before Giving to a Charity. (2020, March 9). Retrieved from https://www.consumer.ftc.gov/articles/0074-giving-charity