As the world deals with the fallout from the COVID-19 virus, many Canadian enterprises are transitioning to a fully remote workforce – some for the very first time. At the same time, cybercriminals are evolving quickly, finding new ways to exploit Canadians during these unprecedented times.
At Interac, fraud prevention continues to be one of our biggest priorities. We created this guide to help Canadian businesses and their employees stay educated and secure as they embrace new ways of working.
What to watch out for
Cyber security experts have reported that hackers have already mobilized to take advantage of public fear and uncertainty around the COVID-19 pandemic. One avenue of attack is “phishing,” which refers to attempts by fraudsters to impersonate genuine entities — for example, posing as a bank, government department or health organization, using an official-looking email — in order to trick someone into parting with sensitive information. Fraudsters may even target employees by impersonating the organization’s own leaders.
Watch out for false appeals for donations: Fake charities and relief efforts may solicit funds, not to mention sensitive information about your business. For example, the World Health Organization has warned that false/phishing links have posed as the organization to steal money or sensitive information.
If you need tips on protecting yourself against COVID-19 related phishing scams, click here.
- Relaxed security
Moving a large portion of your workforce from an office with monitored and secure networks to remote locations creates new opportunities for cybercriminals. Human error and relaxed security protocols elevate this risk.
It is important to remind employees of security guidelines and responsibilities as they become more accustomed to the “new normal.” This can include updating policies, increasing required training, encouraging the use of approved collaboration tools and sending regular tips and tricks on how to stay secure while working remotely.
Thousands of pandemic-related URLs have already appeared in the last few weeks, and many of them are likely either spreading misinformation and/or malicious software. These hackers have even exploited legitimate-sounding sources of information, using them as lures for malware — a popular tracking map created by Johns Hopkins University, for example.
Now, as much as ever, it’s important to pay careful attention to the source of all links before clicking on them.
Before acting on news about COVID-19 or circulating it among your colleagues and employees, verify that it’s coming from a trusted source. These are uncertain times, and businesses must act on the basis of the best information available — not misinformation.
Tips to protect your enterprise
There are other special cyber measures that enterprises should contemplate as they conduct more business remotely, including:
- Ensuring all employees are aware of their responsibilities and roles in adhering to the organization’s information security policy.
- Always using a reliable virtual private network (VPN) to create a secure connection to your organization’s network.
- Checking patch levels regularly and keep them updated.
- Updating network devices with the most current policies and anti-malware software.
- Implementing multi-factor authentication (MFA) for all authentication requests over the internet. MFA requires users to enter secondary verification – for example, a single-use code sent via SMS to a cell phone. Organizations and services that handle sensitive data and operations may use two or multi-factor authentication to prevent unauthorized use of their accounts.
- Using strong passwords.
- Reminding employees not to connect to open and public Wi-Fi networks.
- Being extra vigilant. Ensuring that your network and especially external-facing systems have security monitoring.
- Only using familiar, approved and authorized apps on company-issued devices. Working with your security leaders to confirm the validity of any unfamiliar/recently created apps.
- Ensuring you have up-to-date plans for continuation of business in case of disaster or calamity.
The advice that Interac has shared with Canadian consumers during Fraud Prevention Month — which you can read here — applies to businesses as well. The “Stop, Scrutinize, Speak Up” guidance, for example, reminds Canadians to look very carefully at the URLs and addresses of any message that purports to be official, in order to avoid phishing attempts.
With a continuous desire for new information, heightened sensitives over the future of COVID-19 and more Canadian workers working remotely for the first time, new cyber threats are emerging. Enterprises and employees need to stay vigilant to help protect themselves during these uncertain times.