Logo Alt Text Logo Alt Text
  • About Us
  • Trust Center
  • Schedule a Demo
  • Resources & Blog
  • ID Theft Protection
    • IdentityForce.com
    • Breach Risk Intelligence
  • Mobile Security
    • Mobile Defense Suite
  • Identity Restoration
  • Breach Response
  • Small Business
    • Small Business Suite
  • Explore a Partnership
    • Tailored Programs
      • Resellers
      • Affiliate Marketing Program
    • Industries
      • Financial Institutions
      • Employee Benefits
      • Government Agencies
    • Continuous Support
    • Schedule a Demo

COVID-19 Scams Raise Security Concerns for Businesses

Posted on April 24, 2020 by Eugene Bekker | Director, Technology & Security in Business, Business Resources, Corporate Protection, Employee Benefits

Father working remotely

Over the past weeks, the novel coronavirus (COVID-19) pandemic has caused a shift in our working conditions, our social interactions, and our work/life balance in general. Many organizations have instituted work-from-home policies to adhere to the social distancing requirements in every state, and over one-third of employers say the recommendations to limit social contact have triggered a work from home policy for the first time.

A recent CNBC survey found more than one out of three of senior IT executives report that cybersecurity threats have increased as more employees are working from home, and IT departments and cybersecurity resources are being stretched to their limits to support so many individual worksites. There is a substantial virtual workforce now who are using personal and mobile devices for work, in addition to company-issued devices connected to home networks — all of which introduce additional elements of risk to organizational security.

Paycheck Protection Program Scams Target Your Business Data

Under the Coronavirus Aid, Relief, and Economic Security (CARES) Act, eligible small businesses can obtain loans under a new, temporary Small Business Administration (SBA) loan program, also called the Paycheck Protection Program. The Federal Trade Commission (FTC) warns small businesses of organizations deceptively marketing themselves as approved lenders under the Paycheck Protection Program. These fraudsters are collecting sensitive business information under the guise of providing much-needed loans that never materialize.

Sensitive business data is threatened not only by fake lenders, but also by cyberthieves as the SBA’s emergency business loan portal itself suffered a data breach that was discovered on March 25, 2020. A few weeks later it was disclosed that the breach had exposed the names, Social Security numbers, addresses, emails, dates of birth, and insurance information of thousands of small business owners who had applied for aid during the COVID-19 economic shutdown. All this sensitive data can be used to perpetrate business identity theft, as well as personal identity theft.

Phishing Continues to Plague Your Employees

Phishing attacks remain the most popular way for bad actors to make their move on your sensitive business, customer, and employee data, with 91% of all cybercrimes starting with email. In 2019, there were at least 3.4 billion fake emails sent per day, and there are more than 1 trillion phishing emails sent every year. As employees frequently check for updates on the latest COVID-19 news, work conditions, conference and event statuses, they may be tricked into clicking phishing links that capture important documents stored in, or are accessed through, your employees’ devices —  an especially risky endeavor if those are personal devices not protected under your company’s security network.

Remind your employees to stay alert for COVID-19 phishing scams and fraud in its many forms. For example, with the 2020 tax filing deadline extended to July 15, fraudsters can still commit tax identity theft using your employee information. A common Business Email Compromise scam involves impersonating an executive and asking for employee W-2 forms to be sent under an urgent deadline.

Remote Work May Open Your Business Up to Data Breaches

Employees using home networks for business now need to be extra vigilant about their other Internet of Things (IoT) devices – think smart TVs, game systems, baby monitors, and the like. They all represent an added security risk to a network. Safeguard your business from the disruption of a data breach by encouraging employees to keep software updated and to frequently change their account passwords. In addition, being proactive in preparing for a data breach event can save you thousands of dollars, reduce time lost, and protect your customer relationships.

It’s important for your business to include remote work protocols, in part to ensure for the continuity of business, but also to allow for data security measures from home office environments. Given the increased usage of online conferencing tools as a way to stay connected with coworkers, friends and family, consider employee policies around safe online conferencing as a way to reduce the threat of unwelcome visitors in your business meetings or compromising your business conference accounts.

6 Tips to Protect Your Remote Workforce

If your business is implementing a work-from-home strategy, review these six recommendations below. You can find additional tips to secure, protect, and preserve the well-being of your work-from-home employees in Sontiq’s shareable COVID-19 Scams and the Remote Workforce infographic.

  1. Develop or update your Work-from-Home policy, specific to secure network connections, use of business equipment for business-only purposes, and data access.
  2. Create policies that require strong passwords and provide clear guidance for employees on what to do if their devices are lost or stolen.
  3. Together with strong passwords, employees should enable two-factor authentication (2FA) on all accounts. Requiring an additional level of security on all accounts and mobile apps can often thwart hackers from gaining access.
  4. Educate employees on cybersecurity best practices on how to protect themselves from business email compromise schemes and other vishing and phishing tactics tied to coronavirus and other topics.
  5. Provide mobile threat protection and deploy online PC protection tools to protect employees from keyloggers, spyware, ransomware, and other malicious code on mobile phones, laptops, and desktop devices.
  6. Require employees to transfer and backup files using company-approved, secure means, including cloud storage with proper security protocols activated.

Meet the Author

Eugene Bekker | Director, Technology & Security

Eugene is the Director, Technology and Security of Sontiq, the parent company of the EZShield and IdentityForce brands. He oversees the architecture of the core technology platform for Sontiq. He also manages the security and compliance program. Eugene has over 20 years of experience in the areas of Information Technology and software engineering.


Related Insights

On-Demand Webinar | Behind-the-Scenes: The Story of Sontiq’s New Tech-enabled Platform

On-Demand Webinar | Behind-the-Scenes: The Story of Sontiq’s New Tech-enabled Platform Identity fraud…

See more


Video | Sontiq Intelligent Identity Security Platform

Discover our next-generation cloud-based platform, Sontiq Intelligent Identity Security (IIS). The enhanced platform serves as…

See more


Sontiq 50-Point Member Manifesto

Sontiq’s Member Manifesto, a 50-point commitment to innovation and continuous improvement…

See more

Sontiq
  • Facebook
  • Twitter
  • LinkedIn
  • Youtube
  • ID Theft Protection
  • Mobile Security
  • Identity Restoration
  • Breach Response
  • Small Business
  • Explore a Partnership
  • About Us
  • Trust Center
  • Press Room
  • Contact
  • Terms of Use
  • Privacy Policy
  • EU-US Privacy Shield Privacy Policy
  • EU GDPR Fair Processing Notice
  • Do Not Sell My Information

© 2021 Sontiq. All rights reserved.

Questions?
Call 1-888-6-SONTIQ
Send Us An Email
Live Chat