Covid-19 and Cyber Security

Article By Troy Richardson, South-West Texas Border SBDC Network –

As countries, states, and communities take preventive measures to reduce the spread of COVID-19, more businesses are allowing their employees to work remotely. It’s important to understand how this situation may affect your cybersecurity hygiene.

As with most significant global events, cybercriminals will leverage the event against potential targets to advance or achieve a malicious goal. This is most often carried out through phishing attacks. The cybercriminals send emails claiming to be from organizations that a recipient might expect to hear from, considering the current event. For example, with the COVID-19 disease, the emails may appear to come from a government health organization such as the CDC or other health care authorities.

Users should be aware of this tactic and utilize good cybersecurity hygiene to include:
  • Understand a government organization will never ask for your personal information in an email!
  • Check the email address of the sender; don’t rely on the name that is displayed, and inspect the elements of the email address, especially the domain information (after the @ sign).
  • Inspect any web links before clicking on them, by hovering over the URL with your mouse cursor to see where it directs to.
  • As with any possible phishing email, watch for grammatical and spelling mistakes, and delete any emails that appear suspicious.
  • Also, avoid emails that utilize generic greetings or are trying to instill a sense of urgency for you to act.
  • Don’t open any attachments from ANYONE unless you are expecting the attachment!
  • Businesses should review, and where needed, update their Business Continuity of Operations Plans, including backing up critical business data (local and off-site) and testing those backups to ensure you can recover using the backups.
  • If you or your employees are able to work remotely, take the following into consideration:
  • Ensure that your business has a current cybersecurity policy that includes remote working.
  • Utilize a trusted VPN utility to connect to work resources when on any network outside the business.
  • o Plan for non-business owned devices to connect to your organization or process business information.
  • o Identify, test, and utilize a collaboration tool that can be used among coworkers while working remotely.
  • Don’t store any sensitive business information in an insecure environment (home office, external unencrypted hard drive, open laptop, a public folder residing in the cloud, etc.)
  • Identify who will provide IT support to remote workers and how to contact that IT support resource.