Tips for Maintaining Cyber Hygiene During COVID-19

Gloria Salinas, Managing Director, Economic Development

Maintaining a healthy business network during COVID-19 is almost as important as maintaining a healthy workforce.

As millions of Americans work remotely from home, the move away from protected servers and firewalls at offices leaves many networks and organizational financial information at risk from rising cyberattacks during the pandemic. The Federal Bureau of Investigation and Federal Trade Commission have warned of various cybercriminal scams and methods of attack being used during the pandemic, but the most popular is Business Email Compromise (BEC).

In 2019, the FBI Internet Crime Complaint Center received 23,775 compromised email complaints that totaled losses of more than $1.7 billion, according to the 2019 FBI Internet Crime Report. In the first three weeks of March alone, Dallas Innovates reported that phishing scams and spam rose 667 percent – to 467,825 global attacks, including 9,116 emails related to COVID-19.

To prevent business losses, establishing good cyber hygiene within your organization is critical during COVID-19, and using your employees as the first line of defense while they work from home can prevent cyberattacks and major bottom-line losses.

We’ve compiled a curated list of the top five best practices for cyber hygiene, expert resources, and how to report and respond to cyberattacks.

      1. Make sure staff is on heightened alert: Host a virtual training session to remind staff, especially accounts payable employees, that the organization is vulnerable to cyberattacks on all communication fronts, particularly email and phone calls. Educate employees on good cyber behavior, including creating complex passwords, and review internal reporting processes should any employee receive a suspicious phishing email or phone call.
      2. Secure home Wi-Fi: All employees should work from a secure home Wi-Fi network that requires a password, and should limit the number of people who have access to the password. Passwords to access the home Wi-Fi network should be strong, at least 16 characters, with a combination of letters, numbers, and special characters.
      3. Beware of suspicious emails, phone calls, or text messages: Email is the biggest threat to account and network compromise. Make sure you recognize the sender, and hover the mouse over the email sender’s address to ensure it is spelled correctly. Beware of a tone of urgency, and do not click on links in an email or download attachments. Cybercriminals also call or send text messages in an attempt to gather personal or business information. Do not open or respond to text messages from an unknown number, and let phone calls from unknown numbers go to voicemail.
      4. Implement consistent validation: Require verification standards for accounts payable, such as validating all requests for payments and account numbers for payment by speaking with a known individual. Validate new account numbers for new payments in the system. Consider implementing a cap on payable amounts during the pandemic, such as two installments for larger payments.
      5. Create a cybersecurity preparedness program: Management doesn’t have to invest in expensive solutions for cybersecurity preparedness programs. A strong return on investment can come from simple tech strategies, including training and testing—such as phishing drills and tabletop exercises. Employees are the critical first line of defense in protecting organizational knowledge, and finding and mending any gaps through repeated training and practice is one of the simplest and most critical ways to do that.

 

What to Do If You’ve Been Attacked:

If your business falls prey to a cyberattack and financial information is compromised:

      • Immediately notify your bank of the fraud;
      • Quickly engage and notify your IT and information security staff to determine if there has been a network or email compromise;
      • File a report with the Federal Bureau of Investigation Internet Crime Complaint Center (IC3) at IC3.gov; and
      • Contact your local FBI field office as soon as possible. The longer you delay or wait to engage the FBI, the lower the chances of recovering funds. Call the Dallas FBI Field Office at 972.559.5000.

How to Report a Scam or Suspicious Claim:

Resources for Employers: