As businesses struggle to deal with reduced budgets, staff reductions, supply chain disruptions, and transitions to a primarily remote workforce, security issues may take a backseat, leaving your company vulnerable. Without the proper cybersecurity in place to protect your data and systems, your company could be at risk for cybersecurity attacks. These attacks could not only cause unexpected downtime and lost productivity, they could also lead to lost data, expose sensitive information for both your company and clients, and damage your business reputation, ultimately causing rippling, long-term effects to your business. These threats are always present, but they are especially noticeable in times of crisis, like we are experiencing this year with the pandemic. Here are five threats to be on the lookout for and how to mitigate the risk.
Common cybersecurity threats
During a crisis, it can be difficult to recognize all potential threats in the midst of managing immediate disruptions and issues. However, this distraction provides a perfect storm for cybercriminals to take advantage. This year, the disruptions and challenges caused by COVID-19 have led to an upheaval in business practices, leaving many companies vulnerable to security scams and breaches. The following are five of the most common threats to have on your radar today:
✉️ Business Email Compromise (BEC) is fraud that exploits a company’s business email system. These types of scams typically use a spoofed email address that appears to come from an executive or manager. The goal of the email is to trick an employee into wiring money to a fake account, or to divulge sensitive information that would allow a cybercriminal to gain access to secure accounts and services. Due to the many emergency financial dealings during the pandemic, the request may not arouse as much suspicion as it would have under normal circumstances. Further exacerbating a company’s vulnerability is the fact that remote employees can’t simply walk down the hallway to confirm a directive or check an email’s authenticity. To reduce the risk from fraudulent business emails, it’s important to provide training and education to all staff members so they can better understand the threat, what to look for, and what to do if a suspicious email is received. Your IT department should invoke additional email security measures as well, especially if your business sees a significant influx of suspicious emails.
IT department scams occur when cybercriminals pose as IT staff in an attempt to take advantage of COVID-19 disruptions to con employees into giving up passwords or other sensitive information. They often use social engineering tactics to give a message more legitimacy. For example, the cybercriminal may scour the Internet looking for any personal or company information they can use to lessen suspicions. To mitigate this risk, ensure all staff members are trained to always question, then verify when they receive an email request for sensitive information. Provide a policy for escalating questionable emails through a support system to ensure any threats are identified, quarantined, and addressed. The more you can train and educate your staff, the better equipped they will be to identify threats before they become significant points of risk for your business.
Supplier scams are becoming more common because companies have been forced to work with new, unvetted suppliers. With so many closures due to the pandemic, existing suppliers can’t keep up with demand. Scammers may invoice for work not done, which may go undetected due to temporarily weakened controls. Additionally, cybercriminals can mimic a known supplier’s website and solicit purchases. They can then use the website to collect credit card information and never fill the purchase order, damaging your company’s reputation in the process. Be sure to pay close attention to all invoices coming into your business and verify completion of work prior to making a payment. Also, look for any duplicate purchase orders with the same vendor, materials, services, or quantities. These duplicates could indicate a potential supplier fraud scam.
Data breaches are another threat many companies face. If security updates are postponed due to competing priorities or lack of resources, you may be inadvertently making it easier for cybercriminals to infiltrate your networks and steal data. To mitigate this risk, ensure all remote workers have up-to-date security on their devices and are trained on security best practices, as well as specific company policies and procedures.
Government assistance scams exploit legitimate assistance programs. Cybercriminals may ask for up-front payment to receive assistance checks or they might collect personal or company data. Legitimate programs will not call you out of the blue and ask for information. If you receive a call and are unsure about the legitimacy, do not provide any personal information. Instead, tell the caller that it is not a good time and end the call. Then, call the agency back using a known, trusted phone number.
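The duplicate purchase order check from the supplier scams item above, written out as an added example that is not part of the original article. The field names and sample orders are constructed for illustration, and the check treats orders as duplicates only when vendor, item, and quantity all match after normalization.

```python
from collections import defaultdict

# Constructed sample purchase orders (illustrative only, not real data).
PURCHASE_ORDERS = [
    {"po": "PO-1001", "vendor": "Acme Supply Co.", "item": "Nitrile gloves", "qty": 500},
    {"po": "PO-1002", "vendor": "Northside Freight", "item": "Pallet delivery", "qty": 4},
    {"po": "PO-1017", "vendor": "ACME Supply Co", "item": "nitrile  gloves", "qty": 500},
    {"po": "PO-1020", "vendor": "Acme Supply Co.", "item": "Nitrile gloves", "qty": 200},
]


def _norm(text):
    """Lower-case, drop punctuation and collapse whitespace.

    Duplicate orders are often re-keyed with small differences in case,
    spacing or punctuation, so compare a normalized form.
    """
    kept = "".join(c for c in text.lower() if c.isalnum() or c.isspace())
    return " ".join(kept.split())


def find_duplicate_orders(orders):
    """Return {(vendor, item, qty): [po numbers]} for groups with more than one PO."""
    groups = defaultdict(list)
    for order in orders:
        key = (_norm(order["vendor"]), _norm(order["item"]), int(order["qty"]))
        groups[key].append(order["po"])
    return {key: pos for key, pos in groups.items() if len(pos) > 1}


if __name__ == "__main__":
    for (vendor, item, qty), pos in find_duplicate_orders(PURCHASE_ORDERS).items():
        print(f"Review before paying: {', '.join(pos)} -> {vendor} / {item} / qty {qty}")
```

A match is a prompt to verify the orders with the vendor through a known contact, not proof of fraud.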
Mitigate your company’s vulnerability
When it comes to cybersecurity threats, your employees are both your biggest vulnerability and greatest defense. It’s imperative that employees are trained in security best practices and how to recognize threats, malicious activity, and risky behaviors.
Teach them how to monitor emails for red flags, such as requests for payments or other activity – especially those arriving at unusual times or using atypical language. Make sure staff members are aware of the risks of clicking on links in emails, especially if they are unfamiliar with the sender. Have them type in website URLs instead.
Also, advise staff to check via phone conversations to confirm that any changes or requests are valid. Give employees a central in-house contact where they can verify requests they may receive or report suspicious activity.
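The email red flags described above (an executive's name on an outside address, a payment request, an unusual send time) can also be checked automatically before a message reaches staff. The following is an added example, not part of the original article; the company domain, executive names, keyword list, business hours, and both sample messages are assumptions constructed for illustration, and it does not attempt to judge atypical language.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

COMPANY_DOMAIN = "example.com"                    # assumption: your own mail domain
EXECUTIVES = {"dana whitfield", "luis ortega"}    # assumption: names staff would trust
PAYMENT_TERMS = ("wire transfer", "payment", "invoice", "bank details")
BUSINESS_HOURS = range(8, 18)                     # assumption: 08:00-17:59, sender's stated offset

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: "Dana Whitfield" <dana.whitfield@examp1e-mail.test>
To: accounts@example.com
Subject: Urgent wire transfer
Date: Sat, 14 Nov 2020 23:41:00 -0500

Please process the payment today. I am in meetings and cannot take calls.
"""
ROUTINE = """\
From: "Sam Patel" <sam.patel@example.com>
To: staff@example.com
Subject: Lunch schedule
Date: Tue, 10 Nov 2020 10:15:00 -0500

Menu for Thursday attached.
"""


def red_flags(raw_message):
    """Return the list of red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    flags = []
    # Display name matches an executive but the address is outside the company.
    name, addr = parseaddr(msg.get("From", ""))
    if name.strip().lower() in EXECUTIVES and addr.rpartition("@")[2].lower() != COMPANY_DOMAIN:
        flags.append("executive-name-external-address")
    # Payment-related wording in the subject or a plain-text body.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(term in text for term in PAYMENT_TERMS):
        flags.append("payment-request")
    # Sent outside business hours or on a weekend.
    try:
        sent = parsedate_to_datetime(msg.get("Date", ""))
    except (TypeError, ValueError):
        sent = None                               # missing or unparsable Date header
    if sent and (sent.hour not in BUSINESS_HOURS or sent.weekday() >= 5):
        flags.append("unusual-time")
    return flags
```

A flagged message is a candidate for the phone verification and in-house reporting contact described above, not an automatic block.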