Cyber criminals have taken advantage of the COVID-19 pandemic to breach an increasing number of corporate systems. Find out how to safeguard your organization’s network during these especially vulnerable periods.
THE ONE MINUTE TAKEAWAY
Viruses aren’t the only bad agents threatening businesses in the wake of COVID-19. Cyber criminals are preying on both vulnerable corporate networks, some taxed by a remote workforce on laptops, and healthcare networks working overtime to meet patient needs.
Cyber criminals are studying email correspondences to seek out weaknesses in the way organizations are currently operating. They’re finding new opportunities to target employers who are testing new remote protocols and procedures, which in many cases can lead to a fraudulent transfer of funds when the instructions aren’t verified.
They’re even baiting curious and anxious employees with phony websites impersonating corporate organizations, and then inserting malware into their business network. It is estimated that there are 2,000 coronavirus-related sites created every day, most of them malicious. These sites are targeting states with high infection rates to try to steal information and credentials. Phishing emails and fraudulent text messages have also become more frequent.
As always, a network’s greatest cyber vulnerability is its own employees. Workers must be trained to be even more vigilant given the current climate. Strategies to be implemented should include the following:
- Review current IT policies. Organizations should review their current policies regarding remote access with their remote workforce. Inform employees which technologies your company has approved and how to use them properly. Implement controls for all transfers of funds, regardless of the size, and especially when there has been a change in a process or procedure. Similarly, remind your employees not to share personal or business-related confidential information that they wouldn’t feel comfortable sharing with a family member or close friend. Internally, consider how to manage layoffs of remote workers should there be terminations during this stay-at-home period. Businesses will need a plan for how to repossess work equipment in this scenario.
- Use encrypted Wi-Fi and strong passwords. While some employees are currently sheltering in place at home where Wi-Fi is encrypted, many are still using phones, iPads and other devices remotely to access their business email or intranet while in line at the grocery store. Ask employees to use more robust passwords now (not 123456).
- Secure online meetings. When using Skype, Teams, Zoom or GoTo Meeting, make sure to use the most up-to-date security settings to prevent outsiders from accessing your meetings. Refrain from using your personal meeting ID. Instead, use a per-meeting ID with a password each time and enable the waiting room feature to see who is attempting to join before providing access. Disable the “join before host” option and lock the meeting to outsiders once it begins. Visit your videoconferencing platform’s website for more information as well as video tutorials on security.
- Only visit reliable sites. Teach employees to recognize which websites offer reliable data on the current crisis and ask them to avoid visiting sites on their work devices that aren’t reputable. For COVID-19 crisis updates, instruct them to visit only the CDC, WHO and FEMA sites. Only employees should use remote equipment. A child could easily inadvertently open a door to a cyber breach using mom or dad’s work computer (for example, a high school student who uses mom’s work computer to download a new application for her online class).
- Identify a cyber breach response plan. While you likely don’t have the bandwidth to create a full plan right now, it’s important to put together a one-page list of internal and external contacts necessary post-breach. Include contacts for law enforcement, all stakeholders—C-suite and directors and officers—your cyber-crime insurance broker, a privacy attorney and a forensic investigator. Timing and communication post-breach will make or break it for an organization. This one-page list will be key to coming out on top.
- Report a cyber-crime immediately. Cyber-crimes aren’t reported to law enforcement at the same rate other crimes are, although they should be. The FBI’s Cyber Division works exclusively on these crimes and can provide increased protection when they are reported.
- Perform all system updates. Security patches should be applied regularly on both individual laptops and the business’ network. While simple, this is a critical baseline defense for the network.
- Talk to your cyber coverage broker now. Key questions to address with your broker when creating the plan: Do your policies cover “bring your own device” exposures? Interruptions in service at third-party computer systems? Other potential exposures such as social engineering?
Now more than ever, as operations move onto additional digital platforms, their exposure to cyber risk and vulnerability increases as well.
While dealing with and recovering from the aftermath of the pandemic, more businesses are at a higher risk of becoming the victims of cyber-attacks. In one prevalent fraud tactic known as social engineering, criminals first gather information, then form relationships with key people and finally execute their plan, often via email. Gone are the days when malicious actors sent poorly worded emails; sophisticated methods are now being deployed that can trick even the most trained employee into releasing sensitive data.
There are several methods of social engineering that are seen frequently, including the following:
- Business Email Compromise (BEC)/email phishing: The email accounts of high-level business executives (CEO, CFO, etc.) may be mimicked or hacked. A request for a wire transfer, W-2 form or other sensitive information from the compromised email account is made to someone responsible for processing transfers. The demand is often made in an urgent or time-sensitive manner.
- Spear phishing: Spear phishing is an email aimed at a particular individual or organization, seeking unauthorized access to crucial information. These hacks are not executed by random attackers but are most likely done by individuals out for trade secrets, financial gain or military intelligence. Spear phishing emails appear to originate from an individual within the recipient’s own organization or someone the target knows personally.
- Whale phishing: A whale phishing attack is a type of phishing that centers on high-profile, senior-level employees such as the President or CEO. It is aimed at stealing vital information, since those holding higher positions in a company have unlimited access to sensitive information. The term whaling signifies the size of the attack, and whales are targeted depending on their position within the organization. Since they are highly targeted, whaling attacks are more difficult to notice than standard phishing attacks.
- Interactive voice response/phone phishing (aka vishing): This tactic consists of using automation to replicate a legitimate-sounding message that appears to come from a bank or other financial institution. The message then directs the recipient to respond in order to “verify” confidential information.
- Bogus invoice: A business that has a long-standing relationship with a supplier is asked by email to wire funds for an invoice to an alternate, fraudulent account. The email request appears very similar to a legitimate request and would take very close scrutiny to determine whether or not it was fraudulent.
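The BEC and bogus-invoice patterns above share a handful of observable signals: an executive's display name on a message that replies to an outside mailbox, a request to wire funds or change banking details, and urgency or "don't call me" language. The following added example (not from the original article or the brokerage) shows how an accounts-payable team could flag such a message for the out-of-band verification step recommended in the fund-transfer control above; the executive roster, domains and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical executive roster: display name -> the only domain they send from.
EXECUTIVES = {"jane doe": "example.com"}
PAYMENT_TERMS = ("wire transfer", "wire funds", "new account", "updated bank", "w-2", "pay this invoice")
URGENCY_TERMS = ("urgent", "asap", "today", "immediately", "in meetings", "do not call")

def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw: str) -> list:
    """Return the BEC/bogus-invoice indicators present in one RFC 822 message."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    found = []
    home = EXECUTIVES.get(name.strip().lower())
    if home and _domain(sender) != home:
        found.append("executive name sent from non-corporate domain")
    if reply_to and _domain(reply_to) != _domain(sender):
        found.append("reply-to domain differs from sender domain")
    if any(t in text for t in PAYMENT_TERMS):
        found.append("payment or account-change request")
    if any(t in text for t in URGENCY_TERMS):
        found.append("urgency or call-avoidance language")
    return found

def needs_out_of_band_verification(raw: str) -> bool:
    """Hold the request for a phone callback when a payment ask carries any other indicator."""
    hits = bec_indicators(raw)
    return "payment or account-change request" in hits and len(hits) >= 2

# Constructed sample: spoofed CEO asking AP for an urgent wire, replies routed to webmail.
BEC_SAMPLE = """From: "Jane Doe" <jane.doe@example.com>
Reply-To: <jane.doe.ceo@webmail-example.net>
To: ap@example.com
Subject: Urgent wire transfer

Please wire funds to the new account below today. I am in meetings, so just confirm by email.
"""

# Constructed sample: an ordinary internal request with none of the signals.
BENIGN_SAMPLE = """From: "Jane Doe" <jane.doe@example.com>
To: ap@example.com
Subject: Q2 budget meeting

Can you send me the Q2 numbers before Friday's meeting?
"""
```

Keyword lists like these are a starting point for a mail-gateway rule or an AP-desk checklist, not a substitute for the callback itself; the decisive control remains verifying every new-account or payment-change instruction by phone on a known number.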
Fortunately, the insurance industry has developed policies that can transfer these risks. Having a knowledgeable specialist walk you through the exposures, and properly address them with the right insurance product, will ensure that your balance sheet is protected and assist in mitigating the event if and when it occurs. The most effective risk management plans aim to prevent social engineering fraud incidents from happening and mitigate the damages if they do.
Working with a specialty insurance broker who understands the coverage issues and negotiates coverage that is customized towards your business’ risks is key in guaranteeing balance sheet protection and preventing additional disruption to your business. Most importantly, stay safe and vigilant and we will get through these times together.
Weisburger Insurance Brokerage, a Division of Program Brokerage Corporation, is the nationally endorsed insurance broker of the National Pest Management Association (NPMA). With over 80 years of experience, our experts are able to review your current coverage and identify ways to best protect your pest control business during the dips and peaks of the industry. For more information, please contact Weisburger at 800-431-2794, [email protected], or visit our site at www.weisburger.com.
BY GARY SHAPIRO, SENIOR VICE PRESIDENT, WEISBURGER INSURANCE BROKERAGE