With the COVID-19 pandemic continuing its impact, opportunistic cybercriminals are leveraging our fear and need for information to gain access to individuals’ computers and personal information through phishing and other spoofing schemes. These major threats require risk mitigation, risk management and/or risk transfer strategies as the crisis unfolds. As true advisors to our clients, we understand the importance of this topic keeping personal and financial data safe. Below we pass along some steps to take and tips to keep you protected.
Step 1: Know How to Identify a Scam
Cybersecurity criminals are becoming more and more sophisticated and can access your data through new methods that seem trustworthy, including:
Email Scams – About 90% of all cybercrime starts with an email. Check the sender’s address and be skeptical of anything that doesn’t look or feel right. If it doesn’t look right don’t open it. “When in doubt, delete it out.”
Invoicing Scams – Scammers will monitor personal news: births, deaths, new homes and more, and then send fake invoices for payment. For example, after finding a widow on the internet, scammers will pretend to be a collection agency calling about the recently deceased’s debts.
Charitable Donation Scams – Beware of requests for money immediately after a disaster. Scammers set up fake websites with names similar to real charities and solicit donations.
Investment Scams – Scammers will set up seminars or websites where they suggest investing in specific funds or unusual assets has made them rich. Claris clients should always consult their advisor on the validity of new investment methodologies.
Personal Scams – With so much information available online – through social media or online dating apps – scammers may be using blackmail or personal scams in addition to just economic scams.
Small Business Scams – About half of all small businesses experience a cyberattack because they generally have a moderate amount of data and often have minimal cybersecurity.
COVID-19 Related Phone Scams and Phishing Attacks: It is being reported that callers claiming to be representatives of the Centers for Disease Control and Prevention (CDC) are beginning to surface. These calls are scams. Be wary of answering phone calls from numbers you do not recognize. Malicious cybercriminals are also attempting to leverage interest and activity in COVID-19 to launch coronavirusthemed phishing emails. These phishing emails contain links and downloads for malware that can allow them to take over healthcare IT systems and steal information.
Step 2: Ramp Up Your Security
Once you know how to identify incoming scams, ramping up your cybersecurity is a natural next step. Incorporate these behaviors into your digital life to stay on the defense against cybercrime.
- Do not provide personal/financial information in response to online/offline phone solicitations; never send money without a phone call and verification.
- Never enter your credit card or personal information into a site without “https“. Websites that begin with https (as opposed to just http) have a layer of encryption called the secure sockets layer, or SSL to help keep data protected.
- Never use the “remember password” or auto-save functions to remember your user name and password on websites.
- Do not access financial or other accounts from mobile devices or through public wifi. Financial transactions should only be done on a trusted virtual private network (VPN).
- Disable all “smart home” devices with recording capabilities when dsicussing confidential matters. This includes voice activated “smart speakers” such as Amazon Alexa.
- Keep computer software up to date, including firmware on routers and monitors.
- Install antivirus/malware software like Norton, McAfee or Total AV on all devices.
- Ensure home wifi networks are secure using WPA2 or WPA3 security and a unique passowrd. Call your internet provider to check.
- Enable security features on any devices and/or websites – PINs, fingerprint authentication, facial recognition or multi-factor authentication.
- Use password management systems such as Last Pass or Keeper to protect your credentials. These secure websites will help you better manage your users names and passwords. Passwords should be a minimum of 12 characters and contain a mixture of upper and lower case letters, numbers and symbols.
Small businesses should secure their wi-fi networks, train employees on cybersecurity, and consider using third-party security companies to protect their data. Cyber liability insurance can help a small business survive cyberattacks by paying for customer notification, credit monitoring, legal fees and fines after a data breach.
Contact a Claris advisor for more information about cyber liability insurance coverage. To learn more about cybersecurity strategies for your business, check out the technology services offered by Anders CPAs + Advisors.
Claris Advisors is an affiliate of Anders CPAs + Advisors.