How can businesses protect against rising Covid scams?

How can businesses protect against rising Covid scams?
(Image credit: Future)

The pandemic has completely changed how we live, from the way we socialize to the way we work. With many of us spending far more time online from home, criminals have been quick to adapt their tactics – creating a whole host of new scams which businesses must be more aware of given the large numbers of staff still working remotely. The threat for businesses is also intensified by the fact many employees are accessing work files and information from home across both corporate and personal devices.

Who is primarily being targeted by the scammers and why?

Surprisingly, the younger generation has experienced more scams. Our research found that digital natives are more likely to have experienced a scam, despite typically being savvier online than older generations. The statistics showed us that 60% of respondents aged between 16-24 had been scammed online. This is compared to 6 in 10 Baby Boomers claiming they have never fallen victim to a scam.

This generational divide can be attributed to the fact the younger generation spend far more time online, with criminals targeting popular online activities such as shopping (46%), streaming (16%) and banking (15%).

Social media also continues to pose a risk, with significantly more of the younger generation using these sites to keep up-to-date with their friends and family. This generation is also more likely to use social media to log into third-party sites, with 41% of millennials have used social media to do so. Yet, three in 10 rarely check their security settings on social platforms, increasing the risks of encountering an online scam.

What can businesses do to protect employees using work devices to access personal accounts?

With such high numbers of staff working remotely, businesses are now facing the expanded threat surface which comes with a widespread remote workforce. As a result, organizations must go beyond establishing baseline protocols to create and maintain a secure environment. It is important that businesses educate their workforce on best practice such as reporting any suspicious activity, questioning whether a link is dodgy or thinking before accepting a stranger’s invitation to connect on LinkedIn. When you consider the potential impact to the bottom line if a cybercriminal makes it through enterprise defenses, it’s clear that cybersecurity should be a priority for every employee, including the C-suite. The CEO and wider leadership team should lead by example to help foster a culture of cyber-awareness.

Beyond training and awareness, businesses must ensure that they have built vital cybersecurity hygiene into all of their processes. For instance, taking a shared responsibility approach to cloud and data security will help to ensure remote workers can be productive without compromising corporate information. Importantly, good cybersecurity is important for more than fending off attacks. When organizations get it right, it also helps to unlock business growth, through the secure adoption of new, innovative technologies, which will give the company a competitive edge.

With many businesses moving to cloud based collaboration, who is responsible for securing the business’ data?

With many businesses moving to cloud-based collaboration to enable the almost overnight shift to remote working, organizations must recognize that securing data in the cloud is a shared responsibility that doesn’t fall solely on end-users. All stakeholders, from cloud service providers to businesses to the end-users themselves, have a role to play in this layered defense. By taking this collaborative approach, companies can rest easy knowing they are taking a critical step in meeting today’s complex security challenges.

COVID-19 campaigns typically use pandemic-related subjects including testing, treatments, cures, and remote work topics to lure targets into clicking on a malicious link, downloading a file, or viewing a PDF. As a result, no industry is immune to cyberattacks which use COVID as a hook.

There are some industries, however, that have been targeted more than others. In fact, McAfee's COVID-19 Threat Dashboard provides daily updates on the countries and sectors most frequently targeted with COVID-19-related malicious file detections. The data currently highlights that organizations in both the telecoms sector and the outsourcing and hosting industry account for the majority of these attacks. This dashboard shows just how important it is for businesses across every sector to educate their workforce on best practice security, giving them the ability to recognize suspicious activity and continue working from home without becoming the weak link in the security chain.

  • Raj Samani, Chief Scientist and Fellow, McAfee.

Raj Samani is Chief Scientist and McAfee Fellow for cybersecurity firm McAfee.