While we aren’t fully out of the weeds yet, it appears as though an end is in sight for the Coronavirus pandemic. When this first began to be a major risk in March of 2020, surely none of us knew what this would balloon to and how prevalent COVID-19 would be in our daily lives a full year later.
Many businesses, particularly smaller ones, were unfortunately unable to keep on all employees during the last year as the restrictions set upon us all by our governmental leaders required many to limit capacity and operations and forced some to close down completely. Much of the small businesses that existed pre-pandemic have been forced to close their doors for good as they were unable to be operational for such a long time. For those who were fortunate enough to stick around or find new life after a year of craziness, hiring will now need to take place to be able to go from serving 25% capacity to 75% or even 100%. Yet again, scammers try to take advantage of any good intentioned person online.
Fake applications have been hitting businesses where malicious actors decide to submit false online applications, pretending to be legitimate applicants. This is a typical issue for many businesses that utilize the Internet to find qualified applicants, but the threats are even worse now that most communication is occurring purely online. Tip: Verify an applicant’s identity by asking them for multiple means which you can contact them; typically, a cybercriminal will not want to be contacted via telephone. It can also be helpful to try and research said applicant on social media or professional networking applications to flesh out if they are or are not legitimate. While a highly sophisticated fake applicant might be harder to identify, most will be found out by doing a little extra digging and contacting this person in a variety of ways.
Lack of Employee Cyber Education
When these new and/or returning employees come back to work, they will need to be refreshed or educated on your company’s cybersecurity policies. One of the biggest cyber threats to a company is lack of employee knowledge when it comes to best practices. Roughly 19% of professionals use weak or easily guessable passwords for work-related accounts. Additionally, a phishing attack is one of the primary ways that cybercriminals get into your company’s networks and are the vehicles upon which cyber attacks like DDoS or ransomware are delivered. Phishing attacks are only effective if the recipient falls for it; a well-educated employee will be less likely to fall for a phishing scam, as they are usually highly identifiable due to poor grammar or strange senders. Tip: While employees can be your biggest cyber threat, a team of educated employees can be your greatest attribute when it comes to cybersecurity. Conduct an introductory cybersecurity training when a new hire onboards with your company; then have regular, be it annually, semi-annually, or quarterly, training refreshers which are updated to reflect the current climate of the company as well as online threats that emerge as well.
While this is not so much a risk, it is a consideration that small businesses especially should visit after the events of the last year. Many small businesses think they will never be hacked or never have been hacked because “We’re so small, who would want to hack us?”; when the reality is that this likely means you’ve already been hit by a cyber attack. If the expectation is for those new or returning employees need to be a strong link in the chain that is your company’s cybersecurity, you as a business owner owe it not only to them but to yourself and the entity that you created as well as your loyal customers to care about security in the online world. Tip: Not only can a typical cyber threat be thwarted by the implementation of an emergency action plan, but your business can be ready to adjust regardless of the circumstances, like a pandemic for instance. Be sure your emergency plan is comprehensive, clear, but also flexible so that it can be adaptable to adjust to the specific scenario to be dealt with.