The world is slowing down during this COVID-19 pandemic. Wall Street is being hit hard. People are no longer going out. We’re told to quarantine or self-isolate and not engage in groups.

You can bet there’s one group that’s not slowing down at all. In fact, they’re probably working overtime while the rest of us have our lives turned upside down. Cybercriminals and hackers know there’s no better time to strike than during a global crisis. While you are distracted and spending your time trying to make sense of this new normal, they are finding new ways into your IT network so they can steal data and passwords, compromise your clients’ private information and even demand large ransoms.

Cybercrime is already on the rise and is expected to cause $6 TRILLION in damages by 2021! But if history repeats itself, hackers will be out in full force throughout this coronavirus scare. We fully expect in the upcoming weeks that headlines will change from stories about COVID-19 to accounts of a frenzy of cyber-attacks on corporations and small businesses.

Here are solutions you can implement now to help protect your business data, money and productivity:

1. Be more suspicious of incoming e-mails.

Because people are scared and confused right now, it’s the perfect time for hackers to send e-mails with dangerous malware and viruses. At this moment, your inbox is probably filled with “COVID-19” subject lines and coronavirus-focused e-mails. Always carefully inspect the e-mail and make sure you know the sender. There’s a cdc-gov e-mail address out there now that’s not legitimate and is spamming inboxes across the country.

Avoid clicking links in the e-mail unless it’s clear where they go. You should never download an attachment unless you know who sent it and what it is. Communicate these safeguards to everyone on your team, especially if they are working from home.

2. Ensure your work-from-home computers are secure.

Another reason we expect a rise in cyber-attacks during this pandemic is the dramatic increase in employees working from home. Far too many employers won’t think about security as their team starts working at the kitchen table. That’s a dangerous precedent.

First, make sure your employees are not using their home computers or devices when working. Second, ensure your work-at-home computers have a firewall that’s turned on. Finally, your network and data are not truly secure unless your employees utilize a VPN (virtual private network). If you need help in arranging your new work-from-home environment, we would be happy to get your entire team set up.

3. Improve your password strategy.

During crises like the one we are all facing right now, your passwords could mean the difference between spending your time relearning how to grow your business and trying to recoup finances and private data that’s been hacked. Make a point now to reevaluate your passwords and direct your team to create stronger passwords.

Also, while it’s so convenient to save your passwords in your web browser, it also lessens your security. Because web browsers simply require their own password or PIN to access saved passwords, a skilled hacker can bypass this hurdle. Once they access your saved passwords, they can steal as much as they want – credit card information, customers’ private data and more!

Instead, you should consider a password manager to keep all of your passwords in one place. These password managers feature robust security. A few options are [LastPass, 1Password and Keeper Security Password Manager].

You, your team and your family have enough to concern yourselves with in regards to staying healthy, living a more isolated lifestyle and keeping your business strong. There’s no need to invite in more problems by letting your computer and network security slide during these times.

If you need additional security advice or would like to have a consultation to discuss how to keep your data safe, simply connect with us today.

Fear is a fantastic way to spread malware, which is why hackers around the world are using the fear of a flu pandemic as a hook to install a nasty strain of ransomware.

Researchers at MyOnlineSecurity have detected a cunning email campaign which spoofs the Centers for Disease Control and bears headlines warning of a Flu Pandemic.

The message is short and to the point, explaining that a flu pandemic has been detected and urges recipients to read the attached document for further instructions to protect their families and help keep it from spreading.  The instructions also helpfully include the note that in order to view the document properly you’ll need to click the ‘Enable Editing’ button.

The attachment bears the name “Flu Pandemic Warning,” which reinforces the message itself. It’s an excellent choice from the perspective of the hackers, because they know that a relatively high percentage of those who receive this message from what appears to be a trusted agency will open it.

Unfortunately, the moment they open the file and click to enable editing, they doom themselves.  The word document is poisoned and contains scripts that will install the GrandCrab v5.2 ransomware on the victim’s machine, which will promptly lock their files and demand a hefty payment.

While this is a nasty and especially effective campaign, it’s not the only one that the creators of Grand Crab are engaged in.  Recently, the Chinese government issued their own alert, stating that beginning on March 11, various government departments were bombarded with phishing-style emails intent on installing ransomware on their servers.

All that to say, vigilance is more important now than ever.  There’s no telling how long this campaign will run, or what may come after it, but one thing you can be sure of.  They’re not going to stop.

If you do business with either American Express (AMEX) or Netflix, be on the alert.  Windows Defender Security Intel has recently reported the detection of two major new phishing-style campaigns aimed at the customers of both businesses.

Recipients have been receiving emails that appear identical to official Netflix and American Express communications.

In both cases, the ultimate goal is to convince customers to hand over their credit or debit card information. Microsoft has sent a couple of different tweets out about the issue.  One of them assures customers that “Machine learning and detonation-based protections in Office 365 ATP protect customers against both campaigns.”

And another warned that “The Netflix campaign lures recipients into giving away credit card and SSN info using a ‘Your account is on hold’ email and a well-crafted payment form attached to the email.”

The unfortunate truth is that emails like the ones currently in play are extremely easy to craft and very compelling.  The hackers simply play on the fears of the customer, making it sound as though if they don’t take immediate action they’ll lose access to a valued service they’ve come to rely on.

There’s essentially no cost to the hacker for pushing out hundreds, or even thousands of emails like the ones currently being used. For each victim that falls prey to the tactic, the costs can be enormous.

As ever, the first best line of defense is education and awareness.  In addition to that, if there’s ever any question at all about the status of your account, the best thing you can do is to address the issue via another channel.

In other words, don’t simply reply to the email you received.  Open a new tab, look up the company’s customer support number and call to verify.  Doing so will tell you in short order whether the email you received was legitimate, or someone trying to separate you from your hard-earned money.