As a small business owner, you’ve put in extra time and effort steering your company through these challenging times. It’s important to know that cybercriminals are hard at work too. Sadly, they’re finding original ways to exploit the coronavirus pandemic. The FBI reported a 300% increase in cybercrime by April 20, 2020.
Could you or your employees get phished?
“Phishing” refers to dirty tricks that get you to voluntarily install malware or give up information a scammer needs to breach your system. Unfortunately, some very smart people are falling for these fresh twists:
Fake COVID-19 messages from company leaders, attachments of remote work policies or even updates from the U.S. Centers for Disease Control and Prevention may ask you to click on links that install malware or ransomware.
Bogus communications from the federal government may ask you to provide Social Security numbers, bank account numbers, passwords or other vital info in order to receive an economic stimulus check.
Other common scams involve charitable contributions, financial relief, airline refunds, fake cures or vaccines and fake COVID-19 testing kits.
What should you do?
Educate your employees on how to recognize phishing attempts.
Be suspicious of any emails related to the COVID-19 pandemic that invite them to click on a link or open an attachment – particularly if they come from government organizations or large companies with which they have no connection. As always, your employees should never provide confidential personal information when it’s requested in an email.
Remember that phishing attempts often originate in non-English speaking countries, so be on the lookout for oddball phrasing and typos.
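To make the warning signs above concrete for whoever handles your mail filtering, here is an added example (not part of this article or Lockton's material) of a small Python screen that checks one raw e-mail for the indicators just described: a pandemic-themed subject or body, an authority named in the display name while the sender domain is not one you trust, a request for confidential information, urgency wording, a Reply-To that points somewhere other than the sender, link text that hides a different destination, and an attachment. The two sample messages, the trusted-domain list, the keyword lists and the three-indicator threshold are constructed assumptions for illustration.

```python
"""Heuristic phishing screen for the COVID-19 lures described above.

Added example, not part of the original article. The sample messages, the
trusted-domain list, the keyword lists and the threshold are constructed
assumptions for illustration only.
"""
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Assumption: sender and link domains this business treats as legitimate.
TRUSTED_DOMAINS = {"example-corp.com", "cdc.gov", "irs.gov"}
SUSPICION_THRESHOLD = 3  # assumed: this many indicators => hold for review

LURE = re.compile(r"\b(covid|coronavirus|pandemic|stimulus)\b", re.I)
AUTHORITY = re.compile(r"\b(cdc|irs|treasury|ceo|human resources)\b", re.I)
SENSITIVE = re.compile(r"\b(social security|password|bank account|routing number)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended)\b", re.I)
HTML_LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTNAME = re.compile(r"[\w-]+(?:\.[\w-]+)+")


def _trusted(host):
    """True if host is one of the trusted domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def _domain(address):
    """Domain part of an address header, lower-cased ('' if absent)."""
    m = re.search(r"@([\w.-]+)", str(address))
    return m.group(1).lower() if m else ""


def _body(msg):
    """Concatenate every text/plain and text/html part of the message."""
    return "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_type() in ("text/plain", "text/html"))


def indicators(raw_message):
    """Return the list of phishing indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    sender = _domain(msg.get("From", ""))
    subject = str(msg.get("Subject", ""))
    text = subject + "\n" + _body(msg)
    found = []

    if LURE.search(text):
        found.append("pandemic-themed lure")
    # Display name or subject invokes an authority, but the sender domain is untrusted.
    if AUTHORITY.search(str(msg.get("From", "")) + subject) and not _trusted(sender):
        found.append("authority claimed from untrusted domain")
    if SENSITIVE.search(text):
        found.append("requests confidential personal information")
    if URGENCY.search(text):
        found.append("pressure to act quickly")
    reply_to = _domain(msg.get("Reply-To", ""))
    if reply_to and reply_to != sender:
        found.append("reply-to domain differs from sender")

    for href, label in HTML_LINK.findall(text):
        target = (urlparse(href).hostname or "").lower()
        shown = HOSTNAME.search(re.sub(r"<[^>]+>", "", label))  # host the reader sees
        if target and not _trusted(target):
            found.append("link to untrusted domain")
        if shown and not target.endswith(shown.group(0).lower()):
            found.append("link text hides a different destination")

    if any(True for _ in msg.iter_attachments()):
        found.append("unexpected attachment")
    return found


def is_suspicious(raw_message):
    """True when enough independent indicators stack up to hold the message."""
    return len(indicators(raw_message)) >= SUSPICION_THRESHOLD


# Constructed sample modelled on the fake-CDC lure described above.
PHISHING_SAMPLE = """\
From: "CDC Health Alert" <alerts@cdc-update.example.net>
Reply-To: collect@mailbox.example.org
To: staff@example-corp.com
Subject: URGENT: Coronavirus update for your company
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Read the new remote work policy immediately and confirm
your password at <a href="http://cdc-update.example.net/login">www.cdc.gov/coronavirus</a>.</p></body></html>
--b1
Content-Type: application/msword; name="Remote_Work_Policy.doc"
Content-Disposition: attachment; filename="Remote_Work_Policy.doc"

fake-attachment-bytes
--b1--
"""

# Constructed benign internal note: mentions the pandemic but asks nothing of the reader.
BENIGN_SAMPLE = """\
From: "Pat Lee" <pat.lee@example-corp.com>
To: staff@example-corp.com
Subject: Coronavirus: office closed Friday
Content-Type: text/plain; charset="utf-8"

The office is closed Friday for cleaning. No action needed.
"""

if __name__ == "__main__":
    for name, raw in (("phishing", PHISHING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, is_suspicious(raw), indicators(raw))
```

The benign note shows why a single keyword is not enough: a pandemic subject line alone scores one indicator, while the lure stacks up several independent ones. In practice this kind of screen sits alongside, not instead of, the mail gateway's own filtering and the employee training the article recommends.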
Are your remote employees working securely?
You may have employees who are working from home during the COVID-19 crisis. If they’re using personal computers that don’t have up-to-date security and become compromised, they may transmit the malware to your company’s system when they interact with it.
What should you do?
Ideally, you should have a remote access process in place that limits storing proprietary company information on your employees’ personal computers and prevents malware from migrating to your company systems.
At a minimum, educate your employees on how to make their home systems secure by:
Encrypting computer drives
Requiring strong passwords for wireless networks
Installing and updating strong antivirus software
Requiring two-factor authentication to access your systems
Using mobile device management software
Avoiding public Wi-Fi
Ensuring that VPNs and other remote working tools have been configured for security instead of using default system admin logins
Are you taking credit cards by email or phone?
If you’ve been forced to close your doors during the COVID-19 pandemic, you may be continuing to take orders from customers by collecting credit card information over the phone or through email. These orders are called “card not present” transactions – another area where you run into a cyber risk. Unfortunately, these transactions account for a large percentage of credit card fraud.
What should you do?
You will need to make sure you’re following Payment Card Industry Data Security Standard (PCI DSS) protocols for these orders, just as you would in your retail space.
Following PCI DSS standards will greatly reduce or remove the likelihood of having to pay fines or penalties in the event of a cardholder data breach.
Will your cyber insurance cover your losses?
Cyber insurance can help you hold onto your financial assets and repair your company’s reputation.
In most cases (including breaches triggered by coronavirus scams), your policy will help pay for:
Rebuilding your network and replacing lost income
Sending notifications to customers, compensating their losses and monitoring their credit reports (required in some states)
Handling crisis management and public relations
Paying regulatory fines and legal costs
Important: Shop carefully, because not every cyber policy covers breaches if you may have enabled them by falling for an avoidable phishing attempt. Also, some policies will only pay out if you meet several conditions, which may include:
Training your employees on avoiding social engineering
Maintaining an up-to-date firewall and virus protection
How else can you protect yourself from a cyberattack?
Some insurance companies provide small businesses with risk management services that provide free or discounted risk assessments, employee training and protective hardware or software.
Want to check out your options for top-rated cyber insurance ... which may include adding it to a money-saving business owner’s policy (BOP)? Call a licensed Mylo advisor for a custom consultation on the right coverage for you.
Thanks to Lockton Companies for the information in this article.