Cybercrime During COVID-19: How to Protect Your Organization & Recover Swiftly

One benefit of working in a connected economy, particularly amid a global pandemic, is the ability to maintain some business operations remotely. However, this also provides an opportunity for cybercriminals. An August 2020 INTERPOL assessment showed evidence of criminals taking advantage of increased security vulnerabilities to steal data, generate profits, and cause disruption while organizations rapidly deploy remote systems and networks to support staff working from home. 

Here are some cyber hygiene recommendations you should be especially aware of during this time:

1. Beware of Suspicious Emails: As most of us are already inundated with emails from many organizations ranging from travel and restaurants to even our own workplace, malicious actors have sent out information claiming they know what to do during the COVID-19 pandemic. Be wary of emails from senders you don’t recognize. Don’t click on links or download anything from those emails.
2. Verify Emails: If an email gives you instructions on what to do, verify it’s legitimate. Hover your mouse over the return address to make sure it’s from a source you recognize, as in the example below. If it’s not, it’s likely one you shouldn’t open.  
    
3. Be Aware of Phone Calls: Working remotely may require that employees increase use of mobile phones. There are many pretext calling techniques cybercriminals use to attempt to gather personal or business-related information. If you don’t recognize the number that appears, let it go to voicemail.
4. Use Caution on Social Media: During times of crisis, people will use social media to report their status, as well as communicate with others. Social media platforms can be an effective communication tool; however, malicious actors can use information on social media to take advantage of the situation. Adjust the privacy settings that many social media platforms offer to control who sees your content. You also can limit your communications to only your friends or your network. Be wary of anyone you don’t know trying to connect with you. Also, be aware that they may use elements of emotion to get you to respond to them. For example, someone could pose as a person in crisis, asking for money or donations.
5. Stay in Contact with Those You Know: While staying wary of cybercriminals, do keep in contact with your friends, families, and co-workers. Share information, especially as you learn of potential scams or social media attacks. Working together, you can help mitigate the potential effect.

What If You Become a Cybercrime Victim?

Unfortunately, identity theft and other cybersecurity mishaps can happen to even the most vigilant among us. While following these tips will help protect you from most cybercriminals, it’s important to have a recovery plan in place to mitigate the negative effects of a successful attack. For example, if an organization suspects someone is using its business name or employer identification number (EIN) to submit fraudulent tax returns or Forms W-2, it should complete and submit Form 14039-B, Business Identity Theft Affidavit, to the IRS. 

Here’s a guide for determining when to use Form 14039-B:

*Form 14039, Identity Theft Affidavit

Learn more about how to identify the signs of identity theft and reporting procedures, as well as what the IRS is doing to protect taxpayers, on the agency’s Identity Theft Information for Businesses page. 

Not sure if your organization is prepared to respond to a cyberthreat? BKD Cyber professionals can help you assess the strength of your incident response program, assist in developing your custom incident response plan, or test your existing plan against cyberthreat scenarios. They can provide support if your organization faces an actual attack. This includes providing computer forensic services to assess the effect of a breach.

As everyone works toward a return to normal, we’re here to help with your cybersecurity needs. If you have questions, reach out to your BKD Trusted Advisor™, submit the Contact Us form below, or visit bkdcyber.com. In addition, follow us on Twitter @BKDAdvisory or visit our COVID-19 Resource Center for the latest on COVID-19 services, including this BKD Thoughtware® webinar where our trusted advisors present the biggest cybersecurity threats facing the nonprofit and public sector industries and share best practices to help organizations identify and deter cyberattacks.