Society has always had its share of bad apples. Even now, in the midst of an unprecedented crisis all some people can see is the opportunity to take advantage of others. There’s been a huge uptick in all kinds of fraud, usually targeting people’s understandable anxieties about the virus or their own financial situation. Here’s what you can do to protect your business, your staff and your stakeholders’ personal data from breach.
Malware disguised as health tips
Warn your staff about email fraud. We’re seeing a lot of emails with Coronavirus health tips and news which appear to come from the NHS or international health organisations. They’ll usually have some apparently useful summary content and then direct the recipient to download a linked document or log in to a portal.
The document will contain malware aimed at compromising the user’s computer – and your data – and the portal will be there to steal their login credentials, potentially to your network. Make sure staff have a trusted point of contact where they can get advice and to which they can forward suspicious emails to get an informed opinion.
Warn your staff about IT masquerade fraud – this usually starts with a phone call, purporting to be from your IT support team, or Microsoft, or the user’s ISP. This is on the uptick too, as the fraudsters recognise that more people are working from home and are more sensitive than ever to the health and security of their computers.
The caller will tell the recipient that there’s a problem with their computer – usually something alarming like a virus, or a detection of unlawful activity – and request that the user give them remote access so that they can fix it. They might also ask the user to go to a website and download some tools.
Naturally the remote access will be used to steal data and passwords, and the tools will be mostly viruses and malware. We’re hearing that sometimes the call to action in current calls is that the user is using ‘too much bandwidth’ and needs to let the fraudster make changes so that they are only taking their fair share of this precious resource.
All of this is bogus, and once again you need to give your staff a trusted contact point and the confidence to refuse to co-operate with the caller, however much they threaten.
Taking advantage of financial stress
Finally, we must recognise that this is a period of unparalleled financial stress for employees, accompanied by vague promises of support from the government. As a result, people are much more likely to credit a call or email that claims to be from their bank, HMRC or some other arm of government. They might be asked to reveal sensitive personal information about themselves or others, or hand over credentials, or install software on their computer.
All of these things not only risk harm to the user, they also risk breaching whatever personal data they have access to. Be proactive in offering support to your employees and make sure they know they can turn to your HR or finance department for advice.
Give your staff time and reassurance
Above all, as a general rule in all circumstances and more than ever now, tell them never to panic. Never to act in haste. Never to worry about missing a short-term, sudden deadline. These are the pressure tactics used by the scammers, and they work much better when people are already very stressed. Give your staff space to breathe and time to think and empower them to take care.
Above all, make sure they have rapid access to advice. You need to be there for them now more than ever.