Due to the COVID-19 (AKA “Coronavirus”) pandemic, many organizations are implementing telework or work-from-home policies to maintain business continuity while “flattening the curve” on the spread of the virus through social distancing. Unfortunately, this has opened up opportunities for bad actors to take advantage of the situation and try to trick people with phishing emails that are disguised as COVID-19 virus updates.
Cybersecurity experts are reporting a rise in attacks designed to capitalize on those who are both isolated and operating without the benefit of their organization’s cybersecurity infrastructure. The problem is, while we practice social distancing, devices are being brought home, becoming unprotected from the organization’s firewalls and network security hardware. Cyber criminals rightly see this as a ripe opportunity to gain access to company and personal intellectual property.
In the event you are working remotely in the coming weeks, Owl has some best practices for staying cyber aware and safe while working from anywhere, courtesy of our IT Director, Russ Banks:
- Updates on COVID-19 virus from your organization or child’s school will always come from a manager, principal, HR or Executive staff member – be sure to check the email address of the sender as the names can often be spoofed.
- Watch out for email senders that use suspicious “copycat” or misleading domain names or emails that do not address you by name – many scammers will use generic terms like “Dear Customer” or “All Employees.”
- Do not click on links or attachments unless you are sure of their source and/or have anticipated receiving them. Be especially wary of .zip or other compressed or executable file types.
- Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.
- Do not download files from the Internet unless you are downloading from a trusted source.
- Do not download files that are from links in email or online unless you are certain of the sender.
- Do not provide sensitive personal information (including usernames and passwords) over email.
- If you can’t tell if an email is legitimate or not, you can call the sender, forward a copy to your IT department along with the Internet header information, or just delete it.
Let’s continue to flatten the curve of COVID-19 and keep our devices safe and sanitized, too! If you have a cybersecurity question, concern, or need over the next few weeks, you can reach out to our team via live chat at owlcyber.staging.wpengine.com or send us an e-mail at firstname.lastname@example.org