According to the Cybersecurity and Infrastructure Security Agency (CISA), malicious cyber actors are taking advantage of public concern surrounding COVID-19 by conducting phishing attacks and disinformation campaigns. CISA is encouraging individuals to guard against COVID-19-related phishing attacks and disinformation campaigns by taking the following precautions:
- Avoid clicking on links in unsolicited emails, and be wary of email attachments.
- Do not reveal personal or financial information in emails, and do not respond to email solicitations for this type of information.
- Review CISA’s tips on Avoiding Social Engineering and Phishing Scams for more information on recognizing and protecting against phishing.
- Review the Federal Trade Commission’s blog post on coronavirus scams for information on avoiding COVID-19 scams.
- Use trusted sources—such as legitimate government websites—for up-to-date, fact-based information on COVID-19.
Consider sharing these tips with your employees to help keep your network secure.
Additional Cybersecurity Resources for COVID-19
- The CISA Insights: Risk Management for Novel Coronavirus (COVID-19) provides executives a tool to help them think through physical, supply chain, and cybersecurity issues that may arise from the spread of Novel Coronavirus, or COVID-19.
- On March 6, 2020 CISA released an alert reminding individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19).
- On March 13, 2020, CISA released an alert encouraging organizations to adopt a heightened state of cybersecurity when considering alternate workplace options for their employees.
- CISA’s updated TIC 3.0 Interim Telework Guidance, released April 8, focuses on remote federal employees connecting to private agency networks and cloud environments in a secure manner.
- An April 8 Joint CISA/UK cyber alert details how cyber criminals and advanced persistent threat (APT) groups are targeting individuals and organizations with a range of ransomware and malware. The alert includes indicators of compromise (IOCs) for detection, and guidance for organizations and individuals on how to decrease the risk of cyberattacks.
With potential cyber threats coming from many different directions, it falls on each and every employee to be cautious and do their part in keeping your company safe.