By Jessica Salerno, OSCPA senior content manager
Scammers are going to scam, even during pandemics. And unfortunately, they are using this difficult time to prey on the fears of businesses and employees.
“Scammers are so agile when it comes to how to capitalize and make the money with regards to this pandemic,” said Tiffany Pollard, risk services practice leader at William Vaughan Company, on the State of Business podcast.
Pollard suggested putting a plan in place of how to react to a potential phishing attacking.
“That way you're not reacting in fear but reacting in competence because you've planned for something like this,” she said.
Part of that plan should be maintaining appropriate insurance and completing a security assessment of IT infrastructure afterward. If one area is compromised all other areas should be checked for any potential weakness.
Some red flags Pollard suggested looking out for include emails or communications you don’t recognize. Because many people are still not in physical workspaces, they are relying more heavily on virtual communication. That’s convenient, but it can also be an opportunity for phishing attacks.
“Instead of being able to walk down the hall and talk to one of your team members, and verify content, we're now doing a lot of emails,” she said. “Make sure that if you receive an attachment, you ask is it somebody you were expecting to communicate with. And if you weren't, it doesn't hurt to just call up and verify.”
Pollard recited “trust, but verify,” as a common phrase to remember in your work, and said most people appreciate a call to verify they sent something. This is valuable to remember when clicking on Zoom links as well, because it’s common to receive those for internal and external meetings and can be easy to click on it without thinking.
And although you might feel confident in your ability to spot a phishing attack now, she said it’s crucial to stay vigilant about anything that might seem suspicious.
“Phishing has really been vocalized at different industry meetings we hear across different industry groups,” Pollard said. “As cybercriminals recognize the fast-paced nature that we're working through, different risks will continue to evolve. Being aware of the risks for your industry and monitoring those different areas will be so important as we continue to navigate through this.”
Listen to the entire episode here.