Cybersecurity Threats in the Age of COVID-19
There is no shortage of news about the coronavirus outbreak, formally known as Coronavirus Disease 2019 (COVID-19). We wanted to remind you that during media intense events like this, cyber attackers take advantage of this and attempt to scam you or launch phishing attacks that attempt to get you to click on malicious links or open infected email attachments. Here are some of the most common indicators that the phone call or email you received is most likely a scam or attack.
- Any message that communicates a tremendous sense of urgency. The bad guys are trying to rush you into making a mistake.
- Any message that asks for your personal or work information or prompts you to share your username and password.
- Any message that pressures you into bypassing or ignoring your security policies and procedures.
- Any message that promotes miracle cures, such as vaccines or medicine that will protect you. If it sounds too good to be true, it probably is.
- Be very suspicious of any phone call or message that pretends to be an official or government organization urging you to take immediate action.
For the latest updates consider visiting the World Health Organization or the Center for Disease Control. Please keep in mind coronavirus scams and attacks can happen at work or at home, via email, text messaging or even over the phone. Don’t fall victim to bad guys playing on your emotions. If you suspect you may have been the victim of a phishing event, immediately report it to your IT support team so they can identify and mitigate the threat or attack.
Some additional precautions you and your IT team can take are as followed:
- Ensure remote users have secure access to work files via a Virtual Private Network (VPN) connection or a Virtual Desktop Infrastructure (VDI) session. These are secure methods to get on your network and access your data or applications.
- Ensure that you have Multi-Factor Authentication (MFA) is turned on everywhere possible. This is when you receive a code either via text message, email or an authenticator app that you have to enter in after you type your password. As cumbersome as this may seem, just remember that this is one of the most important ways to protect you from attackers.
- Ensure your passwords for different services are complex and different enough so hackers cannot use brute force to figure out what they are. Why complex and different? Think back to the news when you hear about a breach of data at a company that you subscribe to? In most cases, people don’t even take note until they receive a class action claim letter in the mail. Well what if that password you used for that site or service was the same password you use for your work email (We’ve seen it!), then you just potentially exposed your entire company to an attacker.
There is no better time to make some adjustments than now to keep you, your staff, and your residents safe. Stay healthy!
Gary Jones is the General Manager of vcpi, which provides IT Managed Services for the senior living and post-acute care industries. He has been a long-time technology advocate of the industry and wants to help every provider bring their tech dreams to life.