Skip to Content
Bank of America Coronavirus Resource Center See details

Be cyber-secure: Best digital practices for businesses

Ideas to help you protect yourself and your business in the current environment

Photo of a man leaning over a desk in his home office. He is holding documents with one hand and typing on a laptop with the other hand.

LAST YEAR, THE CORONAVIRUS CHANGED the way people work and communicate across the globe. While businesses of all types adjusted to rapidly shifting circumstances—and millions of employees rose to the challenge by working from home—cyber criminals are attempting to capitalize on this situation by compromising information and stealing assets through scams.

“Misinformation and uncertainty opened the door for an increase in criminal activity over the past year,” says Craig Froelich, Chief Information Security Officer for Bank of America. “As many people continue to work remotely, it’s important to encourage cyber best practices. Educate your employees to keep their home network and account passwords strong. These two basic steps will improve their cyber security, and help keep work devices safe.”

Recent cyber crime attempts include:

 

  • A downloadable app for tracking coronavirus cases, which resembles maps created by legitimate public health institutions but contains malware that can infect or freeze devices.
  • Phishing scams in which fraudulent emails that appear to come from the World Health Organization, the Centers for Disease Control and Prevention or charitable organizations request personal information or urge recipients to click on malware-infected links.
  • Robocalls offering assistance with government stimulus payments, in which personal information is requested.
  • Stealing your identity using information available on your vaccine card. The trend of sharing photos of your card on various social media platforms to raise awareness for vaccinations also enables criminals to gain access to your personal information.

Despite these concerns, there are many defenses you can combine with best practices to protect your company’s data and finances.

On the left, there is an illustration of an alert icon. The header text below reads: Be alert for the most common types of cyber crime attempts. On the right there is an illustration of a woman sitting at a desk working on her computer with a cat sitting on the floor beside her.

With many of us working from home, and businesses working to adapt to the new circumstances, it helps to remember the key ways in which cyber criminals try to take advantage of companies large and small.

On the left, the header text reads: Phishing. On the right there is an illustration of an open envelope containing a letter. A fishing hook is sticking through the envelope and the letter.

Phishing messages are emails that appear to originate from known or credible sources, but are in fact from cyber criminals trying to exploit disrupted work environments and gain access to business data. Embedded links also may install malware onto a device.

On the left, the header text reads: Vishing. On the right there is an illustration of a smartphone with the antenna signal and a contact icon floating beside it in a cloud of squares, representing an incoming call.

Vishing attempts — voice combined with phishing — come via your phone. Robocalls are a method used to scam people and businesses out of data and money. Criminals will create a sense of urgency to incite quick responses from their targets.

On the left, the header text reads: Apps. On the right there is an illustration of a cell phone. Various apps are floating above the phone, along with a circle connecting some of the apps.

Employees forced to work remotely may install apps to stay current on news or to streamline work processes. They should make sure to download apps from reliable sources and make sure they do not violate company guidelines if they’re installed on work devices.

On the left, the header text reads: Websites. On the right there is an illustration of a laptop. A website page is open, and a mouse cursor is clicking on the site.

As workers and private citizens seek current information, cyber criminals also are spoofing websites that provide updated information about the coronavirus, hoping that visitors will click on embedded links.

“As many people continue to work remotely, it’s important to encourage cyber best practices. Educate your employees to keep their home network and account passwords strong.”

Craig Froelich, Chief Information Security Officer, Bank of America

How to proactively protect your business or employer:

When working from home, only use wireless networks that are secured and require a password. Avoid using public Wi-Fi networks, and never conduct any financial or confidential work over a public Wi-Fi connection. Utilize company VPNs whenever possible.

 

Conduct all business matters on company-approved devices, especially when working remotely.

Never trust unknown individuals. Verify any communication that claims to be “urgent,” and do not send any information to recipients you cannot confirm as legitimate.

Do not discuss confidential information around your family, and do not allow other family members to use your work devices for recreational use when working remotely. As much as is practically possible, conduct your work in a private space.

Ensure communication validation steps are followed when working remotely to ensure company information and data stay secure.

If you suspect you’ve been targeted:

Don’t delay. Acting quickly after an incident can minimize damage to your business.

Follow your company’s protocols if you think your company device has been compromised.

Document everything about the incident. The more information you have, the better armed you’ll be to assist an investigation by your company and law enforcement officials, and the better prepared you’ll be against future incidents.

Change all passwords that may have been breached.

Contact your bank’s relationship manager to freeze transactions as soon as you can.

Disconnect your device from your company’s network if you suspect you have been the target of malware.

 

Stay connected, stay protected:

To help keep your account information safe and secure during this period, make sure your contact information is up to date and set up security and account alerts so we can stay in touch. Remember, if we need to reach out to you, we’ll NEVER ask for personal or financial information or an access code through email, text or unsolicited calls. Visit our Security Center or the Federal Trade Commission’s Coronavirus Advice for Consumers for tips on how to recognize potential scams and learn more about how to keep your accounts safe.

Related Insights

TOP