We’ve all heard the saying “a crisis is an opportunity.”
Generally, this mantra is used as a motivational tool, encouraging us to find silver linings in tough situations. But this blanket positivity is a bit of a tough sell when we’re facing down threats like the COVID-19 pandemic. And while the coronavirus crisis doesn’t offer much in the way of opportunity for small businesses, there is one group that’s profiting from the disorder and confusion: cybercriminals.
It’s no secret that things are hard enough as it is for small businesses – and the last thing you need to worry about is a hacker infiltrating your system and hitting you while you’re down. To protect yourself from attacks and further business disruptions, businesses need to fully understand how these disruptions may be exposing them to risk.
Emerging Pandemic Cybersecurity Scams
“Unfortunately, criminals are very opportunistic. They see a vulnerable population out there that they can prey upon. People are scared and looking for help. People are trying to protect themselves and their families.”
Steven Merrill, chief, FBI Financial Crimes Section
The pandemic is bringing all of us into uncharted territory when it comes to business preparedness. Many companies have systems in place for data security, malware detection, or disaster recovery, but as we’ve seen, cybercriminals are coming up with new ways to exploit the chaos of the pandemic and attack business owners.
Just consider recent reports showing that coronavirus-related security threats increased 475% from February to March, with the bulk of attacks affecting government, hospitality, and healthcare sectors. (As if healthcare clinics didn’t have enough to worry about already, with particularly malevolent hackers using ransomware to specifically attack healthcare providers.)
The data alone tells the story, but we don’t have to look far to see examples of these problems in the real world.
The Federal Trade Commission (FTC) has warned citizens about the threat of stimulus check scams, the U.S. Department of Justice has issued enforcement actions against websites selling fraudulent vaccines, and there have even been reports of criminals using official World Health Organization (WHO) images and trademarks in email scams, designed to trick users into opening malicious emails. And this is just the tip of the iceberg. There are other avenues to consider as well, including the privacy and security risks inherent to teleworking.
It’s a lot to take in, but business owners aren’t alone in the fight.
Fighting Chaos With Stable, Reliable Cybersecurity Practices
A well-functioning security ecosystem relies on stability and consistency. Unfortunately, stability and consistency are in short supply these days. The widespread impacts of impacts of COVID-19 are creating plenty of discord across the business landscape, with cybercriminals specifically targeting vulnerable entities.
The FBI’s Internet Crime Complaint Center (IC3) recently issued a public notice warning businesses and workers about the increased threats they’re facing:
“In recent weeks, cyber actors have engaged in phishing campaigns against first responders, launched DDoS attacks against government agencies, deployed ransomware at medical facilities, and created fake COVID-19 websites that quietly download malware to victim devices.”
These threats illustrate the need for businesses to have a foundational security structure in place to insulate themselves against disruption. As best practices, we recommend the following tactics to start:
- Establish thorough controls for who can access and transmit sensitive data.
- Get familiar with the types of phishing schemes most likely to affect medical offices.
- Prepare a thorough small business disaster recovery plan that outlines roles, task prioritization, and responsibilities during times of crisis.
- Consider managed security services that let an outside provider assess, audit, and strengthen your IT security.
The IT security industry is facing more threats than we expected – but we’re also better prepared than ever before to handle emerging challenges that come our way.
If you need a quick rundown of whether your business is safe, download our free small business cybersecurity checklist. This is an easy, simple way to understand the types of threats you may be facing – and what action steps you can take to protect yourself from disruption.