Source: RSM US LLP. PBMares is a member of RSM US Alliance.
With the coronavirus pandemic consuming attention and companies focusing on implementing safety, readiness and response measures, a surge in potentially harmful phishing scams has emerged. As organizations manage a host of coronavirus-related challenges, they may drop their guard or unknowingly implement policies that increase the risk of suffering an attack.
Unfortunately, criminals often attempt to take advantage of disaster scenarios to exploit lapses in protection and controls. These criminals use social engineering tactics that prey on a variety of emotions to manipulate people; in this scenario, they are attempting to exploit fear.
Currently, we are seeing two grades of attacks. The first is fairly low-grade, with hackers sending deceptive emails with no target in mind, pretending to be the CDC, Red Cross or other entities tied to coronavirus information to trick users into clicking on links and attachments that infect systems and steal information.
However, a new level of attacks targets individual companies, presenting fake coronavirus alerts or guidance that looks like it was authored by specific members of organizational leadership, often from the C-suite. By using a familiar name or face, these attacks have a much higher success rate.
Further complicating the issue, many companies have understandably sent employees home to work remotely, but the same level of security controls and protections often doesn’t extend to home networks.
To mitigate these risks, midsize companies can take three important steps to safeguard against these emerging phishing scams:
1. Get in front of the issue by communicating the risks
Organizations must get ahead of these scams by creating proactive communications about how they will distribute critical alerts and information. Leadership should detail how they will communicate, cover what would and would not be requested from employees, and stress the importance of going to official company communication channels regularly for updates and to validate any suspicious information.
2. Make it personal
The risks to company data and information also extend to personal networks. Emphasizing how predators are lurking with threats to companies as well as family communications will likely garner more attention. Employees will get the point in terms of company data, while also appreciating the encouragement to act regarding personal data.
3. Communicate and evaluate remote work security policies
Companies must ensure they have communicated the rules and risks of working outside the corporate environment. In many cases, security protections and firewalls that are in place inside the office simply don’t protect devices that access the network remotely. Companies will often need to consider network or security changes to equalize security protections inside and outside of the office.
As coronavirus fear and uncertainty increase, hackers will continue to try to exploit companies with phishing attacks. By spreading awareness of the potential threats, communicating how they may extend into personal affairs and making necessary adjustments to security policies to account for increased remote work, companies can go a long way toward better protecting themselves against emerging and persistent phishing risks.
This article was written by Daimon Geopfert and originally appeared on March 13, 2020.
© 2020 RSM US LLP. All rights reserved.
RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each are separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit rsmus.com/aboutus for more information regarding RSM US LLP and RSM International. The RSM(tm) brandmark is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.