Nonprofit Accounting Basics

Cybercriminals Exploit COVID-19 – Don’t Become A Victim


Updated: May 01, 2020

In response to COVID-19, many organizations are using a Virtual Private Network (VPN) and the related IT infrastructure to shift their workforce to teleworking. Organizations have also increased their use of Microsoft’s Remote Desktop Protocol and other popular communication platforms such as Zoom and Microsoft Teams. These could potentially make IT systems vulnerable unless the right security measures are in place.

Cybercriminals also take advantage of human traits to trick potential victims into clicking on a link, downloading an app that may lead to a phishing website, downloading malware such as an email attachment, or donating to fraudulent charities. Therefore, users should exercise caution when handling any email with a COVID-19-related subject line.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages individuals to remain vigilant and take the following precautions:

  • Avoid clicking on links in unsolicited emails and be wary of email attachments
  • Use trusted sources, such as legitimate government websites like the CDC, for up-to-date, fact-based information about COVID-19
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information
  • Verify a charity’s authenticity before making donations

CISA also recommends that organizations examine the security of their IT systems by taking the following steps:

  • Ensure VPN and other remote access programs are fully patched
  • Enhance system monitoring to receive early detection alerts on abnormal activity
  • Implement multi-factor authentication
  • Ensure all machines have properly configured firewalls, as well as anti-malware and intrusion prevention software installed
  • Test the capability of remote access solutions or increase capability
  • Ensure that continuity of operations plans or business continuity plans are up to date
  • Increase awareness of information technology support mechanisms for employees who work remotely
  • Update incident response plans to consider workforce changes in a distributed environment