Data security, hacking, and COVID-19: The coronavirus isn't just a danger to your health; it's an opportunity for cyber criminals to bleed your business dry.

April 1, 2020

In a May 2019 article, we warned contractors to beware of the dangers hackers looking to snag online payments.

Today, the danger is greater than ever, and it isn't limited to contractors.

Any business (and any person anywhere) using e-mail, remote access, or online programs to conduct their business or finances is vulnerable to hacking. Those vulnerabilities are magnified by the measures governments around the world and in the U.S. are taking to slow the spread of the novel coronavirus and the accompanying COVID-19 disease.

Exposure

In an effort to protect their workers and customers, businesses are moving their operations online - at a level and to an extent that has never been done before. Employees are working remotely on an unprecedented scale, relying on e-mails, text messages, instant messages, and remote access to communicate within and outside of their business.

These online systems are only as strong as the weakest link in the digital chain of communications. And the greatest cyber security in the world can be defeated by one employee failing to realize they are communicating with a scammer. A hacker gaining access to an employee's email account - or worse, obtaining the credentials to remotely log in to a business's network - could devastate a business very quickly.

The reality of the current international crisis creates new targets of opportunity for hackers looking to make a quick, tax-free buck by stealing money from unsuspecting business and employees. Beyond the risks that hackers pose from intercepting large payments (the scheme addressed last year), a clever hacker could, as examples, direct a company's payroll staff to send an employee's paycheck to the criminal's bank account; impersonate a company's owner to direct business funds to a "new" business account (the hacker's bank); or use a company's assets to buy gift cards.

Precautions

Under the current circumstances (but really at all times), it is imperative for businesses to take precautions. Best practices to minimize your risk of being hacked are to:

  1. Use long, strong passwords.

  2.  

  3. Never use the same password for more than one website or e-mail account. Many web browsers, computers, and cell phones can generate and save strong, randomized passwords for you, so you do not have to remember them.

  4.  

  5. If any employee's e-mail (personal or business) is hacked, change everyone's passwords, and do not re-use any password that was used anywhere.

  6.  

  7. Use an identity monitoring service (free ones exist) that scan the internet and dark web to locate compromised passwords. Make sure your passwords are not out there; if they are, change them immediately.

  8.  

  9. Change your password regularly and any time you suspect a password has been exposed or stolen.

  10.  

  11. Require your employees to use two-factor authentication for their e-mails, remote log-ins, or any online system that your business uses.

  12.  

  13. Be on the lookout for suspicious e-mails, and always call to verify changed payment instructions. But remember to call a phone number saved to your phone or from the signature block of an old e-mail that you know was legitimate. Hackers can and will change the signature block of a compromised e-mail to trick victims into calling the hacker.

  14.  

  15. Always call to verify wire instructions, by phone call to a known number, that ask you to send money to a different bank account.

  16.  

  17. Protect yourself with carefully drafted contracts and subcontracts to minimize your risks from these kinds of hacks.

  18.  

  19. If you suspect an e-mail is fake, assume it is until you can verify it by something other than an e-mail to the sender.

  20.  

A Note to Attorneys. Attorneys should be aware that an intercepted payment or hacked e-mail could have profound ethical implications and trigger obligations to inform other parties and persons of the hack. If an attorney's email is compromised, there could also be profound implications for attorney-client privilege.

Lang & Klain can help if you are the victim of hacking or are looking to protect yourself or your business from liabilities arising these threats.

Share on Facebook
Share on Twitter
Please reload

About Us

Arizona Contractor & Community magazine has become a vital forum for the state’s building industry by providing critical information and exposure to companies in the field. Moreover, the publication has expanded beyond traditional construction, architecture, and real estate topics and has found an audience with those who have fresh ideas on adaptive reuse of historic buildings or making new developments more community-friendly and sustainable.

  • Black Facebook Icon
Never Miss a Post!
Recent Posts:

CloudHauz Ready to Build Emergency and Homeless Shelters Required for Current/Future U.S. Crises

May 28, 2020

Infrastructure Bill Could Benefit Nation's Unemployment, Trucking Industry & Economy

May 27, 2020

Could business owners be legally responsible if a customer or employee contracts COVID-19?

May 22, 2020

1/17
Please reload

Serving the Construction & Engineering firms of Arizona... and those who admire their work!

  • LinkedIn - White Circle
  • Facebook - White Circle

© 2019 by Arizona Contractor & Community

  • Facebook - Black Circle
  • Instagram - Black Circle
  • LinkedIn - Black Circle