Playing Offense and Defense Against Cyber Attacks amid Pandemic

For nearly four months now, the world has kept the coronavirus pandemic in focus.  The CDC has bombarded us with infection data and images of masked people standing in unemployment lines.  Despite attempts to remain hopeful, there is yet another sinister threat lurking in the peripheral—cyber attacks.  Seeing the pandemic as an opportunity to prey on the unsuspecting, cybercriminals are ramping up their attacks.  Now is the time to play offense and defense against these scammers.

So, here is what you need to know about cyber attacks during the pandemic.  Hopefully this information will allow you to recognize threats, and ultimately prevent your company from becoming a victim.

Cyber Attacks and Crazy Clicking

Image of a finger clicking a link, as what can happen to enable cyber attacks.

In this hyperlink era we live in, it’s practically second nature to mindlessly click away.  Especially during the coronavirus pandemic, people are eager to know the most current information about what is happening.  However, beware of getting too lax with that pointing finger.  Just because it appears when you hover over a hyperlink doesn’t mean it’s pointing you in the right direction.  In fact, there’s a good chance it’s misleading you altogether.  That hyperlink could take you to a repository, capturing your sensitive identification information, if you enter it.  Alternatively, the link could engage malware on your computer, accessing your system or crashing your computer altogether.

So, here are some ways you can help identify attempted cyber attacks through email.  First, you probably don’t recognize the sender.  As in, the sender isn’t someone or from a company you were expecting to hear from.  Second, the email address isn’t a business email address.  In other words, it was probably something like janedoeXYZcompany@gmail.com.  Third, there were likely many spelling and grammatical errors.  Finally, the sender probably instructed you to click a link embedded within the email. 

So, if you see any combination of those items, be sure to scrutinize the email before responding.  If you are unsure, don’t respond.  A legitimate business associate or prospect will follow up if they don’t hear from you. 

Document-Do-Not

Along the same lines as clicking links, opening documents within emails can put you at risk of cyber attacks.  Perhaps you’ve noticed that sometimes when you open a document from an email, a notice pops up on your computer.  The notice will typically say something along the lines of the sender coming from outside the system.  Then, it will ask if you trust the sender or if you still wish to open the document.  That is your computer’s smart way of giving you an opportunity to opt out before you potentially do something irreversible. 

Image of a this WARNING: This email originated from outside ___.  DO NOT CLICK links or attachments unless you recognize the sender and know the content is safe.  This wards off cyber attacks.

So, follow the same protocol you use with the links embedded within an email.  Don’t open a document unless you are certain about the sender.  You may have received an email from someone claiming to be with the CDC or the WHO, presenting updated information or announcements about the coronavirus.  The CDC warns against those emails, urging people to avoid opening them.  They advise visiting the CDC website instead, where people can get the most current pandemic-related information.

Fake Infection Phishing Cyber Attacks

As emails appear to be a preferred method for targeting victims, security experts are seeing an increase in phishing attempts from fake hospitals, notifying individuals that a colleague had exposed them to the virus.  Security experts warn that these are attempted cyber attacks, and that the cybercriminals aim to steal money or sensitive information. 

Along with this, the FBI warns against companies that claim to prevent or cure COVID-19, or that sell counterfeit PPE (personal protective equipment).  Employers can easily fall victim to these types of scams, out of concern and good intentions of protecting their employees. 

Cybercriminals Zooming In

One of the stranger types of cyber attacks has taken place right in front of your eyes during the coronavirus pandemic.  That’s right, Zoombombing (or Zoom raiding) is when an uninvited and unwanted individual enters a conference call and creates disruption.  Sometimes the hijacker simply attends the meeting, largely unnoticed.  Other times, the individual makes lewd or racist comments, or present visuals of obscene material.  While this can be a nightmare for schools engaging in virtual learning, it can be particularly worrisome for businesses, especially if discussing sensitive company information during the conversation.

Photo of a Zoom conference call, a place where cyber attacks are common.

There are, however, ways to minimize the risk of becoming a victim of this kind of cyber attack.  For example, you could choose another virtual meeting platform altogether.  However, if you are partial to Zoom due to familiarity and ease of use, there are steps you can take to help protect yourself and your company.  Zoom recommends taking the following steps:

  1. Use a per-meeting ID instead of your Personal Meeting ID.
  2. Utilize the “waiting room” feature as a way to vet meeting attendees prior to the meeting.
  3. Disable functions that give attendees control of the meeting, such as joining before the host and screen sharing.
  4. Lock the meeting after all attendees have arrived.

While tech-savvy or determined hijackers may still find a way, these measures should help ward off many Zoomboming attacks.

Unknown Sender and Subject

It should go without saying that if you receive an email from an unknown sender who doesn’t include a subject that you should not open it.  However, this big DON’T must be included, because many of us are just so curious about what could possibly be in the email.

Think about it this way: anyone who has any business with your company will be sure to identify him/herself, and will clearly state his/her business.  Business people with a real purpose have no time for being mysterious or playing guessing games.  So, don’t be tempted to open the email at all, because it will result in irreversible damage.

Playing Offense and Defense on Cyber Attacks

While cyber attacks have been in existence as long as the internet has been around, the coronavirus pandemic has led to a new wave of attempts.  Cybercriminals are seeing increased fear and use of virtual platforms as an opportunity to scam individuals and companies.  However, you don’t need to fall victim to their antics.  There are ways you can protect yourself and your company, such as avoiding clicking links or opening documents from unknown sources.  Also, you can review your settings on virtual platforms, such as Zoom, to make sure your meetings are as secure as possible.

Although it may seem like a lot of work to play offense and defense against cyber attacks, it is worth.  You have enough things to worry about amid the coronavirus pandemic; you don’t need to add more stress by leaving your company open to cyber attacks.  So, remember to remain alert and don’t let those cybercriminals get the best of you.

*Help stop cybercrime by reporting criminal activity here.

Image of a caution symbol and the words "Scam Alert!" warning of cyber attacks.

About Journey Payroll & HR

Service: We believe if you offer a great price and great technology, but don’t have A+ level service, it’s worthless. 
Technology: Journey has the advantage of being forward-thinking and fast-moving.
Value: We realize cost is an important consideration and set extremely fair pricing.
Our decisions are not based on stockholders, but on clients looking for advanced offerings.

This is not meant to provide legal counsel or advice. Every situation is different. Please contact an HR professional or employment attorney before taking any action.

Journey Locations

Locally owned and operated.
Thank you for staying local! Find a location near you, by clicking here.