Note: This article contains content and images originally published by Interac. Republished with permission, August 2021.
As the world deals with the fallout from the COVID-19 virus, many Canadian enterprises are transitioning to a fully remote workforce – some for the very first time. At the same time, cybercriminals are evolving quickly, finding new ways to exploit Canadians during these unprecedented times.
This means that fraud prevention should be a big priority for every business. Here’s some great guidance from Interac to help your business and employees stay educated and secure as you embrace new ways of working.
What to watch out for
Cyber security experts have reported that hackers have already mobilized to take advantage of public fear and uncertainty around the COVID-19 pandemic. One avenue of attack is “phishing,” which refers to attempts by fraudsters to impersonate genuine entities — for example, posing as a bank, government department, or health organization, using an official-looking email — in order to trick someone into parting with sensitive information. Fraudsters may even target employees by impersonating the organization’s own leaders.
Watch out for false appeals for donations: Fake charities and relief efforts may ask for funds, not to mention sensitive information about your business. For example, the World Health Organization has warned that fraudsters have posed as the organization to steal money or sensitive information.
2. Relaxed security
Moving a large portion of your workforce from an office with monitored and secure networks to remote locations creates new opportunities for cybercriminals. Human error and relaxed security protocols elevate this risk.
It's important to remind employees of security guidelines and responsibilities as they become more accustomed to the “new normal.” This can include updating policies, increasing required training, encouraging the use of approved collaboration tools, and sending regular tips and tricks on how to stay secure while working remotely.
Thousands of pandemic-related URLs have already appeared in the last few weeks, and many of them are likely either spreading misinformation and/or malicious software. These hackers have even exploited legitimate-seeming sources of information, using them as lures for malware — a popular tracking map created by Johns Hopkins University, for example.
Now more than ever, it’s important to pay careful attention to the source of any link before clicking on it.
Before acting on news about COVID-19 or circulating it among your colleagues and employees, verify that it’s coming from a trusted source. These are uncertain times, and businesses must act on the basis of the best information available — not misinformation.
Tips to protect your enterprise
Here are some special cyber measures that your enterprise should consider as you begin to conduct more business remotely.
Measures to help employees stay secure
- Ensure all employees are aware of their responsibilities and roles in adhering to your organization’s information security policy.
- Remind employees not to connect to open and public Wi-Fi networks.
- Make sure employees are all using strong passwords – here are some tips.
Measures to keep your business secure
- Always use a reliable virtual private network (VPN) to create a secure connection to your organization’s network.
- Check patch levels regularly and keep them updated.
- Update network devices with the most current policies and anti-malware software.
- Implement multi-factor authentication (MFA) for all authentication requests over the internet. MFA requires users to enter secondary verification – for example, a single-use code sent via SMS to a cell phone. Organizations and services that handle sensitive data and operations may use two or multi-factor authentication to prevent unauthorized use of their accounts.
- Be extra vigilant and ensure that your network, especially external-facing systems, has security monitoring.
- Only use familiar, approved, and authorized apps on company-issued devices. Work with your security leaders to confirm the validity of any unfamiliar or recently created apps.
- Ensure that you have up-to-date plans for continuation of business in case of disaster or calamity.