coronavirus scam alert headline

Cybersecurity and COVID-19: What You Need to Know

The COVID-19 pandemic is one of the biggest challenges people alive today have experienced during their lifetime. It’s not only attacked our health but just as bad it’s attacked the global economy. And if that’s not enough, cybercriminals are attacking adding another variable of risk individuals and businesses should be aware of.

Most people who can work remotely from home are doing so during the COVID-19 pandemic, and many will continue to do so even after the economy begins to re-open.  As great as this is for employees and companies, it has opened a door of new opportunities for cybercriminals.

The crises have unleashed a wave of cyberattacks, with hackers and scammers taking advantage of anxiety and untrained workers using new remote applications without following the best security practices. Everyone is a target, small or big. The U.S. Department of Health and Human Services was attacked on March 15, and a major COVID-19 testing hub in the Czech Republic suffered a ransomware attack the same week. One man was arrested for a business email scam for surgical masks after he defrauded a pharmaceutical company out of 6.6 million Euros.

So far, in 2020, the FTC has received more than 15,000 coronavirus-related consumer complaints of fraud and scams. Including 7,200 complaints in the first nine days of April alone, costing people $7 million in damages.

In 2019 the FBI’s Internet Crime Complaint Center (IC3) received a total of 467,361 complaints with reported losses exceeding $3.5 billion. Given the current climate and rising incidents of cybercrimes, companies of all sizes need to implement basic risk avoidance measures.

What are the most common cyber crimes?

Cybercriminals are using the COVID-19 pandemic as part of their cyber operations. They will often masquerade as trusted entities with information or high demand products like masks. The most common forms of attack seen to date are expected to continue.

  • Phishing — coronavirus-themed phishing messages.
  • Malware Distribution — using COVID-19-themed lures.
  • Remote Application Attacks — targeting remote access and teleworking infrastructures.

These malicious cybercriminals rely on social engineering methods to lure a user into carrying out a specific action. They take advantage of human traits like curiosity and concern around the COVID-19 pandemic. Two of the most common actions they get users to take are:

  1. Click on a link or download an app that leads to a phishing website or the downloading of malware — including ransomware. For example, one app claimed to provide a real-time COVID-19 outbreak tracker. But it actually tricks users into providing admin access to install “CovidLock” ransomware on their device. 
  2. Open a file like an email attachment that contains malware.

How to avoid and minimize cybercriminal attacks

Train employees

Awareness and knowing how to identify possible attacks can substantially reduce the risk of a cyber-attack. Companies should train employees and in terms of what to look for and avoid online. Some basic tips include looking out for:

  • Emails from the CDC or other Experts — The CDC doesn’t send emails to the public. Any emails claiming to provide inside information on the virus or treatment should be considered spam and flagged appropriately.
  • Don’t click on links from unknown sources — Cybercriminals are using the COVID-19 headline to spread viruses and steal information. Employees need to be aware that they should not click on any unknown links.
  • Don’t open attachments from unknown sources — Opening attachments can install malware.
  • Educate employees — Being aware of terms like phishing, spear phishing, whale phishing, phone phishing, will help employees identify these scams more easily.


Aside from being aware of possible threats, tightening up cybersecurity practices, and making it harder for cybercriminals to breach a company’s security system will go a long way in mitigating your risk.

  • Multi-factor authentication — Make sure to enable it on account logins which makes it much more difficult for hackers to gain unauthorized access.  
  • Passwords — Don’t reuse passwords. Always use a strong and unique password for each account.
  • Anti-virus Software — Make sure all computers are updated with the latest available anti-virus software and malware detection.
  • Lockdown — Enabling a lock screen and encrypting company devices gives employers peace of mind knowing if the device is stolen, it’s unlikely that an attacker will be able to access it.

The need for cybersecurity coverage

Even when you do everything right, there’s still a risk of getting compromised. Cybercriminals are really good at what they do. Once security has been breached, businesses will need a team of cyber and legal experts to navigate the situation.

McGowan Program Administrators have created CPAOnePro ℠ that provides quality professional liability solutions for public accounting firms. Broad network security and privacy coverage is part of that the special features and coverages. Our team has decades of experience working with CPA firms and providing coverage enhancements where we see gaps. Contact us to learn more.

Share this post