3 steps to reduce the risk of coronavirus phishing scams
March 11, 2020
Authored by RSM Canada LLP
Joel A. Humphrey, CPA, CA shared this article
ARTICLE | March 11, 2020
With the coronavirus pandemic consuming attention and companies focusing on implementing safety, readiness and response measures, a surge in potentially harmful phishing scams has emerged. As organizations manage a host of coronavirus-related challenges, they may drop their guard or unknowingly implement policies that increase the risk of suffering an attack.
Unfortunately, criminals often attempt to take advantage of disaster scenarios to exploit lapses in protections and controls. These criminals use social engineering tactics to prey on a variety of emotions to manipulate people, attempting to exploit fear in this scenario.
Currently, we are seeing two grades of attacks. The first is fairly low-grade, with hackers sending deceptive emails with no target in mind, pretending to be the PHAC, Red Cross or other entities tied to coronavirus information to trick users into clicking on links and attachments that infect systems and steal information.
However, a new level of attacks targets individual companies, presenting fake coronavirus alerts or guidance that looks like it is authored by specific members of organizational leadership, often from the C-suite. By using a familiar name or face, these attacks have a much higher success rate.
Further complicating the issue, many companies have understandably sent employees home to work remotely, but the same level of security controls and protections often doesn't extend to home networks.
To mitigate these risks, midsize companies can take three important steps to safeguard against these emerging phishing scams:
1. Get in front of the issue by communicating the risks
Organizations must be front-running when faced with these scams, creating proactive communications about how they will distribute critical alerts and information. Leadership should detail how they will communicate, cover what would and would not be requested from employees and stress the importance of going to official company communication channels regularly for updates and to validate any suspicious information.
2. Make it personal
The risks to company data and information also extend to personal networks. Emphasizing how predators are lurking with threats to companies as well as family communications will likely garner more attention. Employees will get the point in terms of company data, while also appreciating the encouragement to act regarding personal data.
3. Communicate and evaluate remote work security policies
Companies must ensure they have communicated the rules and risks of working outside the corporate environment. In many cases, security protections and firewalls that are in place inside the office simply don’t protect devices that access the network remotely. In many cases, companies will need to consider network or security changes to equalize security protections inside and outside of the office.
As coronavirus fear and uncertainty increases, hackers will continue to try to exploit companies with phishing attacks. By spreading awareness of the potential threats, communicating how they may extend into personal affairs and making necessary adjustments to security policies to account for increased remote work, companies can go a long way toward better protecting themselves against emerging and persistent phishing risks.
Call us at 1 855 363 3526 or fill out the form below and we'll contact you to discuss your specific situation.
Source: RSM Canada
Used with permission as a member of RSM Canada Alliance
RSM Canada Alliance provides its members with access to resources of RSM Canada Operations ULC, RSM Canada LLP and certain of their affiliates (“RSM Canada”). RSM Canada Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each are separate and independent from RSM Canada. RSM Canada LLP is the Canadian member firm of RSM International, a global network of independent audit, tax and consulting firms. Members of RSM Canada Alliance have access to RSM International resources through RSM Canada but are not member firms of RSM International. Visit rsmcanada.com/aboutus for more information regarding RSM Canada and RSM International. The RSM trademark is used under license by RSM Canada. RSM Canada Alliance products and services are proprietary to RSM Canada.
FCR a proud member of RSM Canada Alliance, a premier affiliation of independent accounting and consulting firms across North America. RSM Canada Alliance provides our firm with access to resources of RSM, the leading provider of audit, tax and consulting services focused on the middle market. RSM Canada LLP is a licensed CPA firm and the Canadian member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.
Our membership in RSM Canada Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise, and technical resources.
For more information on how FCR can assist you, please call us at 1 855 363 3526