Cybersecurity in the Time of a Pandemic

Earlier this month the FBI released a statement warning against increased instances of cybersecurity attacks on businesses and individuals during the coronavirus pandemic.

Among the Bureau’s recommendations was the suggestion to be wary of any links purporting to offer coronavirus cures, preventative equipment like N95 masks, or instant access to a stimulus package. As well as this, the statement noted that Americans can expect to see fraudulent activity from emails requesting money for charity, emergency relief, and notifying readers of airline carrier refunds. Instructing Americans to “always use good cyber hygiene and security measures,” the FBI urged computer users to be watchful.

Such warnings proved all the more relevant this week as the World Health Organization announced that it had been a target of an unsuccessful hack. Believed to be an attempt to steal information relating to the coronavirus that has not yet been released, the attacks highlights the high price that data or knowledge commands in modern life, but especially in a pandemic.

Speaking to Gene Reich, CEO of the SMB-focused IT services and cybersecurity firm Point, he explained that many hackers will strike while the iron is hot during a pandemic and seek to make money while business owners are stressed and many workers are using personal computers for professional actions.

“We’ll have more vulnerabilities because typically someone’s home computer is not well maintained or taken care of like a corporate device,” Reich explained. “There’s also a slew of new phishing emails around coronavirus that are happening. And I think there’s going to be an uptick of people taking advantage of a time where some businesses are at a disadvantage.”

The CEO warned that emails aren’t the only medium people need to be cautious of, as many phishing attempts come as phone calls. “A lot of times we talk about computers and tools, but I think that people will also be called and told, ‘Hey, this is the government, to get your stimulus package, press one,’ and then somehow they get their bank information.”

This is an example of what Reich describes as ‘social engineering,’ where someone is deceived into providing access to a network to a hacker, and that hacker may remain within that network for the short term or longer, waiting to target information or funds.

While Reich advises computer users to do the usual things of practicing caution with email attachments, links, and requests for personal information, he also mentioned one tactic that has seen complete success: shuttering the business. “Of course, there are some businesses who, unfortunately, shut the doors until further notice, and in an odd way, those people are protected, because they’re not using computers.”

Brendan Garrett was a Reporter at deBanked.