FINRA's BrokerCheck

Tech Tips to Stay Safe During COVID-19 Crisis

Even as the coronavirus (COVID-19) outbreak affects us in unprecedented ways, scams persist. For instance, hackers are now resorting to emails and apps claiming to provide information on the COVID-19 outbreak to fool victims into installing malware on their devices. Unfortunately, phishing emails have spiked by over 600% since the end of February, and in March, 10X Genomics was hit with a ransomware attempt. Even videoconferencing, which is being used more than ever, has become a potential avenue for hackers.

Unfortunately, cyberattacks can happen to any organization at any time. And with more people working remotely now (we are), cybersecurity is of the utmost importance. Here are some strategies to protect your organization and to stay productive in the face of COVID-19.

Be Safe Online

In times like these, people can leave themselves vulnerable to scams. The search for the latest information could lead someone to click a link they might otherwise avoid.

There are reports of malware infecting devices that visit bogus COVID-19 maps. Also, cybercriminals are disguising themselves as World Health Organization officials and posing as government agencies to steal money or sensitive information.

To stay safe, be diligent about checking file extensions and not clicking on suspicious links. Verify email sender addresses, not just display names, to make sure messages and attachments are valid before opening them. This goes for video conferencing links, too – never click on a video meeting invite from someone you don’t know. 

In recent weeks, thousands of domain names have been created with less-than-good intentions for site visitors, leading to malware installation or non-public information (NPI) collection. 

If you see a scam, report it to the WHO and your IT team immediately.

Shore Up Home Offices

Work from home (WFH) setups relying on home Wi-fi networks often lack security protocols found standard on corporate networks. For instance, content firewalls and ongoing security monitoring are usually absent from WFH setups, which can expose corporate data and systems to bad actors.

So, it’s vital that remote workers understand company technology policies apply no matter where work is performed. Policies usually require updated security software, secure data transmission, and adherence to safe use standards. These safeguards must apply remotely too. It is important to reiterate these policies with staff and ensure they are aware of the liabilities and safeguards in place.

If you have a Managed Services Provider, work with them to ensure everyone follows best security practices and company policies, especially at home.

It’s also smart to have advanced endpoint detection and response software installed on your system. This protects against malicious actions as a result of accidental clicks and re-directs to harmful sites. This advanced protection can roll back malicious actions and protect the corporation from ransomware by using artificial intelligence and machine learning technologies. 

Without the appropriate technologies in place, enforcing policies becomes particularly tricky. For example, in the company’s offices, laptops are adhering to all the management and control policies of the organization. At home, if a full VPN isn’t in place, or the company has decided to centrally push out patches to all workstations, laptops could get behind in those critical updates. 

Keep in mind that your team members may forget, now that they’re working from home, that their computer still needs a regular reboot to install pending patches the system may have received directly from installed software. Remind them of the importance of shutting down at the end of each work day.

Leverage Tech Tools

Technology can keep your organization going when normal operations aren’t possible. Here are some tech tools to enable efficient communication and remote productivity:

  • Video/phone conferencing
  • Instant messaging
  • Email
  • Virtual private networks
  • File sharing

Of course, any tool must adhere to your organization’s technology policies. To limit potentially unsafe software, populate user devices only with approved programs. Also, be sure to show people how to use the tools correctly and follow best practices. It’s also critical to ensure systems and video conferencing platforms remain up to date and patched (be able to be fixed immediately, if necessary) to avoid compromise.

More to Know About Videoconferencing

Meeting invites for remote video sessions should always come from someone you know and trust. Even when the invite appears legitimate, be aware of a “spear-phishing attack,” which works like this: you join the session and the attacker asks for control of your computer. Be extremely cautious of passing control to an individual you cannot see on the screen, or opening any content provided in that meeting. Many video conferencing platforms offer in-meeting collaboration areas for documents and other data for the meeting – those kinds of exchanges should only occur in meetings in which you have verified the attendees and know and trust them.

The videoconferencing platform Zoom recently implemented new security updates that include requiring a meeting password. However, as more people use social media, some have been posting Zoom meeting IDs and passwords. It’s important to remind your team members that using a password to secure a videoconferencing meeting is pointless if users don’t follow safe practices on other technology platforms.

Communicate Often

The value of communication is highest during crisis. Your stakeholders need to know what’s happening.

As such, alert clients to your plans and how you’re specifically committed to supporting them right now. Similarly, organizational leaders should contact their teams regularly about the crisis’ impact on clients and operations. Over communication is nearly impossible.

Along the same lines, review your disaster recovery and business continuity plans to ensure they include guidance on responding to epidemics and pandemics. Also, develop a team for crisis-related issues and communications. If your organization doesn’t have this in place, it’s not too late.


As always, be safe and vigilant. Stay informed using our COVID-19 Knowledge Center.

If you have any questions or concerns, contact our technology solutions team today at 616.222.9400, via email or at rehmann.com. We’re here to help.

Published in COVID-19