Cyberattacks, Foreign Disinformation Campaigns Leverage Coronavirus Theme

AAFCPAs would like to remind clients that cyber criminals and other bad actors are often poised to capitalize on a crisis. In this case, cyber criminals and foreign governments are using the Coronavirus (COVID-19) pandemic as a theme to lure individuals into making harmful clicks or actions.

AAFCPAs reminds clients and their employees to be particularly wary of topics like:

• Check Updated Coronavirus Map
• Coronavirus Infection Warning
• CDC or World Health Organization emails or Social Media Coronavirus Messaging
• Keep Your Children Safe from Coronavirus
• Donate Now to Help Coronavirus Victims

What can you do?

AAFCPAs advises clients to take a disciplined approach to cyber-security in order to better guard against and minimize your organization’s risk of becoming a victim.  This disciplined approach includes:

• Conducting regular security awareness training of employees—including alerting them to risks related to Covid-19. Your best line of defense in protecting your organization against social engineering attacks is employee awareness.
• Maintaining vigilance when reading emails or accessing links. Hover over links and see where they point. Look at the sender’s email address and pay attention to details like replaced letters/numbers, for example: Bankofamerica.com may appear as Bank0famerica.com. If the email comes from an organization like a bank and asks you to log-in and check your account status, use links that you have used before instead of clicking on what is provided in the email. If the email comes from a colleague or friend and asks you to wire money for example, call that person and verify.
• Adhering strictly to internal control processes & procedures. Emails that appear urgent in nature and request that the recipient bypass the regular processes in the interest of time and requestor’s level of authority should always be a red flag.
• Ensuring systems are updated with the latest patches. This includes operating system, VPN, software and hardware (drivers etc.).
• Considering what information you are accessing and printing from home, and how you are disposing of it, especially as it relates to Personal Identifiable Information (PII), client records, proprietary information, and other sensitive data. Ensure adherence to privacy and confidentiality laws and policies, as well as those documented in your organization’s Written Information Security Program (WISP).

Additionally, individuals are urged to check the source of information received and to confirm the accuracy with at least one additional reputable source. Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.

How may AAFCPAs help?

AAFCPAs conducts Cyber Security & Technology Risks Assessments to help clients identify risks from the use of technology that could potentially cause information loss or financial or reputational harm to an organization. These assessments may include:

• A proactive assessment of risks associated with social engineering attacks, including simulated phishing, spear phishing, and whaling expeditions by AAFCPAs’ “White Hat” Certified Ethical Hacker (CEH)
• An assessment of IT General Controls (ITGCs), including programs, data, change management, and computer operations
• An assessment of IT Vulnerabilities and Penetration Testing
• Assessments of Firewall, Wireless, and VPN Configurations

If you have questions or concerns at this time related to your organization’s IT & Cyber Security, or if you have been a victim of a breach, please contact James Jumes, MBA, M.Ed., leader of AAFCPAs’ Business & IT Consulting practice at: 774.512.4062, jjumes@nullaafcpa.com; Vassilis Kontoglis at 774.512.4069, vkontoglis@nullaafcpa.com; or your AAFCPAs Partner.