Excerpted from Lexology by Kramer Levin Naftalis & Frankel LLP

As organizations transition to the work-from-home environment, the risks of cyber fraud grow even more acute. Fraudsters are seeking to exploit remote workforces to gain access to valuable confidential and personally identifiable information, using timely phishing and man-in-the-middle scams as well as standard firewall and perimeter penetration. Consider taking these basic steps to protect your organization from cybercriminals.

Remember that many cybercrimes are accomplished through the use of email. Common email cybercrimes include phishing scams, corrupted attachments and attempts by bad actors to obtain personal or financial information or misdirect money or other items of value. Many hackers are capitalizing on coronavirus fears to obtain remote system access, such as through phishing scams that encourage recipients to click on links to purchase masks or hand sanitizer or to connect to helpful coronavirus information from reputable organizations like the Centers for Disease Control and Prevention or the World Health Organization. Fraudsters are even impersonating state and local Department of Health workers and cold-calling homes, purporting to set up Coronavirus tests in an effort to solicit personal and protected health and identifying information.

To guard against these scams, encourage the use of good email cyber hygiene habits, including:

            •Scrutinizing unexpected email and telephone communications and email addresses to make sure each communication is actually from the person it appears to be from.

            •Looking for suspicious typos, odd uses of grammar or other indications the email may have been drafted by a bad actor.

            •Subjecting any unusual requests to additional levels of verification — e.g., calling to verify.

            •Scrutinizing all links before clicking, and erring on the side of sending suspicious links or documents to the information technology department for review before opening or

            •Immediately informing the information technology department if a suspicious link is clicked.

            •Not forwarding documents containing confidential information to personal email accounts, which are much easier to hack.
For entire story click here