Cyber Risks & Liabilities Newsletter
Beware of These COVID-19-related Cyber Scams
There are always opportunists who will act quickly to exploit a major event for their own gain while threatening the safety of others. The COVID-19 pandemic is no different, with cyber criminals aiming to take advantage of the confusion, distraction and large-scale shift to remote work resulting from the pandemic.
The most common COVID-19-related cyber scams include the following:
- Phishing using COVID-19 as a lure
- Malware distribution using COVID-19 as a lure
- Registration of new domain names containing wording related to COVID-19
- Increased attacks against new remote access and teleworking infrastructures
Typically, scammers will attempt to impersonate a reliable entity. In the case of the COVID-19 pandemic, there have been reported cases of attackers posing as the following:
- Government entities offering assistance
- Internal IT or technical support teams providing support or cyber security tips
- Health agencies providing safety resources
- Organizational leadership issuing an alert
- Non-profits seeking donations
In many cases, phishing tactics are used in conjunction with imitation websites to further the ruse of legitimacy.
Fortunately, these attacks generally rely on the same basic social engineering methods as traditional cyber attacks: using manipulation and misinformation to entice users into carrying out a specific action, such as clicking a link or opening a file. As such, these attacks can be avoided through the following methods:
- Notify and educate users of the risks.
- Be wary of emails from unknown addresses.
- Do not divulge personal information to unknown entities.
- Use strong, unique passwords and usernames for each account.
- Reference multiple sources to avoid misinformation.
3 Risks Associated With Removable Media Devices
Portable hard drives, USB flash drives, memory cards and other types of removable media are vital for the quick storage and transportation of data. For many businesses, removable media can be used as backup storage for critical digital files or even to free up additional storage space on work computers.
While removable media is easy to use and has many business applications, it isn’t without its share of risks. The following are some considerations to keep in mind when using removable media at your organization:
- Data security—Because removable media devices are typically small and easy to transport, they can easily be lost or stolen. In fact, every time you allow an employee to use a USB flash drive or other small storage device, your organization’s critical or sensitive information could fall into the wrong hands. What’s more, even if you encrypt your removable storage devices, you will not be able to recover the files on them once the USB flash drive or other device is lost.
- Malware—Simply put, when employees use removable media devices, they can unknowingly spread malware between devices. This is because malicious software can easily be installed on USB flash drives and other storage devices. In addition, it just takes one infected device to infiltrate your organization’s entire network.
- Media failure—Despite its low cost and convenience, removable media is inherently risky. This is because many devices have short life spans and can fail without warning. As such, if a device fails and your organization doesn’t have the files backed up, you could lose important files and data.
Thankfully, there are ways to mitigate risks associated with removable media. To use these devices effectively while maintaining data security, consider doing the following:
- Develop a policy for removable media use.
- Install antivirus software that scans removable media devices.
- Ensure all removable media devices are encrypted. Passwords to these devices should never be shared.
- Instruct employees to never use unapproved removable media in a computer.
- Have employees keep personal and business data separate.
- Establish a process for wiping all portable media devices when they are no longer needed.
Review These Common Cyber Security Terms
Part of practising effective cyber security at your organization includes understanding and correctly using industry terms. Stay in the know with these common cyber security terms:
BYOD (Bring Your Own Device): Refers to employees bringing their own mobile devices such as cell phones or tablets to work and using them for work purposes.
IoT (Internet of Things): Refers to the web of devices connected to the internet—including computers and mobile devices, as well as non-traditional devices like office heating and air conditioning, doorbells, smart lights and smart speakers.
DDoS (Distributed Denial of Service): A type of cyber attack that attempts to overload the entire network until it collapses.
Blockchain: A type of database commonly associated with bitcoin that uses a chain of data chunks designed to prohibit the alteration of any data without affecting the rest of the chain.
Deep Learning: A new type of artificial intelligence that uses algorithms to create neural networks inspired by the human brain.
Phishing: A common type of cyber attack that attempts to fool a user into divulging confidential personal and financial information.
VPN (Virtual Private Network): A tool used to route your device’s internet connection through a private server rather than your internet service provider (ISP), thus masking your location and encrypting traffic.