A “Free” Covid Vaccine can give you a virus (and infect your IT network)

With the pandemic still raging in most parts of the world, cybercriminals have come up with yet another novel technique to lure unsuspecting victims and steal their data–the free Covid-19Vaccine scam. This is how it typically works.

You get an email or a text message that says you are eligible to receive the vaccine for Covid-19 free of cost. The message will have a link which will take you to a form, where you may be asked for your personal information. Once you fill that in and hit submit, cybercriminals have access to your PII (Personally identifiable information) and can virtually wreck havoc now.

There have been some variations of this message, one being a rebate offer, where you are asked to “book” or “preorder” your vaccine by paying for it online, with a promise of credit/rebate/refund in a week. Not only will your card be charged for the “cost of the vaccine”, your card details may also be stolen using secret key loggers, and the damage to your credit may be much more than the amount you were actually billed for.

Why should you be wary of this, as a business?

So, if the scam seems to target individuals, why is it important for businesses to be aware of this? Well, for the simple reason that you need to alert your employees to this. With the pandemic having almost completely changed the typical office set up and more and more people working remotely, using their own devices for work purposes, there’s a chance that an employee who falls for the vaccine scam may end up compromising your company’s data unknowingly. If a cybercriminal gets access to their device, chances are high that they will most likely have a gateway to your IT network and subsequently, your data.

What can you do?

Data safety is not just about getting the best antivirus software, it is also about people who have access to your data. Apart from installing anti-malware software programs and firewalls, educate your employees about the COVID-19 vaccine scams that are in play. Help them identify phishing scams and conduct mock drills and tests to assess their understanding of the concept.

No time to do all this by yourself? Core IT is an experienced Managed service provider with extensive experience in cybersecurity. We can help you keep your data safe by deploying the latest technology and also by training your employees to identify hacking and phishing attempts BEFORE they become a victim.

A “Free” Covid Vaccine can give you a virus (and infect your IT network)

With the pandemic still raging in most parts of the world, cybercriminals have come up with yet another novel technique to lure unsuspecting victims and steal their data–the free Covid-19Vaccine scam. This is how it typically works.

You get an email or a text message that says you are eligible to receive the vaccine for Covid-19 free of cost. The message will have a link which will take you to a form, where you may be asked for your personal information. Once you fill that in and hit submit, cybercriminals have access to your PII (Personally identifiable information) and can virtually wreck havoc now.

There have been some variations of this message, one being a rebate offer, where you are asked to “book” or “preorder” your vaccine by paying for it online, with a promise of credit/rebate/refund in a week. Not only will your card be charged for the “cost of the vaccine”, your card details may also be stolen using secret key loggers, and the damage to your credit may be much more than the amount you were actually billed for.

Why should you be wary of this, as a business?

So, if the scam seems to target individuals, why is it important for businesses to be aware of this? Well, for the simple reason that you need to alert your employees to this. With the pandemic having almost completely changed the typical office set up and more and more people working remotely, using their own devices for work purposes, there’s a chance that an employee who falls for the vaccine scam may end up compromising your company’s data unknowingly. If a cybercriminal gets access to their device, chances are high that they will most likely have a gateway to your IT network and subsequently, your data.

What can you do?

Data safety is not just about getting the best antivirus software, it is also about people who have access to your data. Apart from installing anti-malware software programs and firewalls, educate your employees about the COVID-19 vaccine scams that are in play. Help them identify phishing scams and conduct mock drills and tests to assess their understanding of the concept.

No time to do all this by yourself? Core IT is an experienced Managed service provider with extensive experience in cybersecurity. We can help you keep your data safe by deploying the latest technology and also by training your employees to identify hacking and phishing attempts BEFORE they become a victim.

Cyber Security training basics: Password best practices & phishing identification

As a business you know the importance of ensuring that your data is safe from the prying eyes of cyber criminals. While anti malware software programs and firewalls are essential to doing this, another important element is, training your employees to identify the traps laid by cyber criminals. This blog offers a list of what you should cover in cybersecurity awareness training.

Password best practices

This should be number one on your list. The easiest way to steal your data is by stealing your password. Hence you should educate your employees on password best practices. They should know

• Not to share passwords
• How to share passwords safely (if at all it has to be done)
• How to set strong passwords
• The importance of changing passwords often
• Your organization’s rules regarding passwords, i.e. your password policy and associated penalties/actions that will be taken if they fail to adhere to it

You could also invest in a password tool as it will help you enforce your password policy better.

Phishing

Train your employees to identify phishing attempts. Phishing is when cyber criminals pose as someone trustworthy and attempt to steal data. Studies show that the number one reason businesses become victims of cybercrime is because their employees fail to recognize a phishing attempt. For example an email may be disguised to look as though it came from a coworker or vendor, or even a government agency such as the IRS, and may contain a request for sensitive information. Some may have attachments that the receiver may open unknowingly and end up infecting the whole network with malware. Though anti-malware software programs generally identify such communication and either mark them as spam or issue warnings when the receiver tries to open them or download the attachment, training your employees to recognize phishing attempts is very important, because even a single email that slips through the crack can result in a huge disaster.

Remember this is not a one-time thing. Cybercriminals are always at work devising new strategies to steal your data. You need to train new employees as they join your organization and update your existing employees with any new cybercrime modus operandi. You can offload this task to an experienced managed service provider who specializes in cyber security. Being a part of the industry, they would generally be up-to-date with the latest risks and advise you and your team accordingly.

Cyber Security training basics: Password best practices & phishing identification

As a business you know the importance of ensuring that your data is safe from the prying eyes of cyber criminals. While anti malware software programs and firewalls are essential to doing this, another important element is, training your employees to identify the traps laid by cyber criminals. This blog offers a list of what you should cover in cybersecurity awareness training.

Password best practices

This should be number one on your list. The easiest way to steal your data is by stealing your password. Hence you should educate your employees on password best practices. They should know

• Not to share passwords
• How to share passwords safely (if at all it has to be done)
• How to set strong passwords
• The importance of changing passwords often
• Your organization’s rules regarding passwords, i.e. your password policy and associated penalties/actions that will be taken if they fail to adhere to it

You could also invest in a password tool as it will help you enforce your password policy better.

Phishing

Train your employees to identify phishing attempts. Phishing is when cyber criminals pose as someone trustworthy and attempt to steal data. Studies show that the number one reason businesses become victims of cybercrime is because their employees fail to recognize a phishing attempt. For example an email may be disguised to look as though it came from a coworker or vendor, or even a government agency such as the IRS, and may contain a request for sensitive information. Some may have attachments that the receiver may open unknowingly and end up infecting the whole network with malware. Though anti-malware software programs generally identify such communication and either mark them as spam or issue warnings when the receiver tries to open them or download the attachment, training your employees to recognize phishing attempts is very important, because even a single email that slips through the crack can result in a huge disaster.

Remember this is not a one-time thing. Cybercriminals are always at work devising new strategies to steal your data. You need to train new employees as they join your organization and update your existing employees with any new cybercrime modus operandi. You can offload this task to an experienced managed service provider who specializes in cyber security. Being a part of the industry, they would generally be up-to-date with the latest risks and advise you and your team accordingly.

What does cyber insurance typically cover?

Pandemic or no pandemic–cyber insurance is a must-have. And, not just that, some of your clients may insist that you have cyber insurance coverage before they trust you with their data–especially if you are operating in the B2B market. Cyber insurance can break the fall in case you become the victim of a cyber attack or some gross malfunction that causes data loss. Here’s a list of things cyber insurance policies typically cover.

Forensic analysis

After a cybersecurity attack, you need to conduct a root cause analysis to identify what went wrong and where, so you can take corrective action to prevent the possibility of it repeating.

Notification expenses, penalties & lawsuits

Along with data breaches come a lot of liabilities including timely notification, fines, penalties, and perhaps even lawsuits for which you will need legal representation.

Revenue loss–direct and indirect

If your business is a victim of cybercrime, you will likely have to shut down your IT infrastructure for some time even as the issue is being resolved or contained. This downtime can cost you quite a bit in terms of lost sales and also employee productivity. Not to mention the damage to your business’s brand name which will have some effect on your sales revenue for at least a few months to come–and add to that the costs of employing a good PR agency to create some positive buzz around your brand to overcome the bitter taste left by the data breach incident.

Apart from the items covered above, which is more like a consequence of data loss, there are two big risks that cyber insurance policy can protect you against–cyber extortion and fund diversion.

Cyber extortion

Remember the WannaCry Ransomware incident that happened in 2017? Cybercriminals used a worm, a form of malware to infiltrate more than 200,000 target computers and freeze user’s access to the data therein. The losses caused by WannaCry are estimated to be in the range of billions of dollars. What would you do if someone held your data hostage or worse still threatened to leak it online? As a business owner, you have no choice but to pay up the ransom amount.

Fund diversion

This is another form of cyber attack, though not as obvious as cyber extortion. Fund diversion is when you or your staff accidentally end up diverting your business funds to a fraudster. For example, your accountant clicked on a phishing link that took them to a clone site of the bank where your company has its account, or they made a payment by clicking on a fraudulent email sent by a cybercriminal posing to be your vendor.

It is important to remember that cyber insurance is still NOT a replacement for cybersecurity. You cannot invest in a cyber insurance policy and not bother about putting data security measures in place. In fact, like any other insurance, cyber insurance will also have exclusions and any laxity on your part in terms of data security can cause your cover to become null and void. This is where a trusted managed services provider can be of help. An experienced MSP can help you pick the right cyber insurance policy based on your needs. They will be able to explain the exclusions clearly to you–in your terms and help you design and maintain the security mechanisms and processes necessitated by the cyber insurance policy.