This article was written and produced by Brandon Agostinelli, FoxPointe Solutions. Looking to get in touch with Brandon? Reach out today: firstname.lastname@example.org.
As part of our everyday lives, both in and out of the workplace, having a heightened awareness for information security is getting more important by the day. As innovation in technology heavily influences how our government, business, and day to day lives operate, new potential methods of exploitation are discovered by criminals every step of the way. But in this case, the COVID-19 global pandemic has forced many people out of a job and has also forced people to rely on technology in every aspect of their lives, both in and out of work. Whether that’s something as simple as working from home, receiving Telehealth services, or online communication, people have had to leverage technology more than ever before to try to maintain their lives throughout this pandemic. With over three million Americans now out of work, worries over keeping food on families’ tables and making rent and mortgage payments are now at the center of people’s minds. This increased anxiety caused by the COVID-19 outbreak has yielded more opportunity for cyber criminals to attempt to exploit people. The amount of stress on the average person caused by a crisis such as this makes them more likely to make behavioral mistakes when online. Below are a few examples of common exploitation that we are seeing in larger numbers due to the pandemic:
- Phishing emails: Cyber criminals are very good at creating emails and messages that play to current topics and stories to grab people’s attention and interest, therefore making them more vulnerable to clicking on a link that they would otherwise avoid. Emails describing what people can do to limit their exposure, reporting on infection statistics, and communicating information on potential cures are all examples of messages that are being used by cyber criminals to get your attention. Trustworthy sources are often used by cyber criminals in order to trick you and make it more difficult to tell that it is a phishing email.
- Remote work: People who are fortunate enough to still be working through this pandemic are being required to work remotely (usually from home) in large numbers. Cyber criminals are attempting to take advantage of this by exploiting the mass use of virtual private network (VPN) technology, which is a recommended best practice remote work solution. Cyber criminals have tried to exploit the increase in demand for VPN usage with targeted attacks such as tricking users into downloading malicious software (malware) acting as a VPN solution and by stealing users’ credentials via phishing (as described above).
- Social engineering: Now that almost all communication in both our business and personal lives is done digitally or via phone, cyber criminals are more motivated to utilize social engineering to gain access to information, money, etc. Whether it’s criminals posing as a family member when calling elderly relatives or posing as you when calling the human resources department at work, it happens, and is happening more because of this pandemic. It is vitally important that the identity of anyone requesting access to protected information is verified.
In addition to everyone’s worry and need to continue to provide for their families, it is important that we all remain vigilant when interacting with people online and never reveal personal or financial information in an email, and do not respond to requests for that information. Cyber criminals are not sympathetic to what is going on in people’s lives; instead, they use people’s anxiety and suffering to further exploit them. Go out of your way to support those in need any way possible and help educate others on the importance of general information security awareness, especially during a time like this.
FoxPointe Solutions is solely responsible only for the content of FoxPointe Solutions authored information and is subject to change at any time. Any forward-looking statements are not predictions. FoxPointe Solutions is not responsible for any errors or omissions, or for the results obtained from the use of this information. Questions regarding your legal or compliance position should be addressed through your legal counsel, security advisor and/or your relevant standard authority. Nothing contained herein should be used nor relied upon as advice nor constitute a consultant-client relationship.