Skip to Content
Bank of America Coronavirus Resource Center See details

Be Cyber-Secure: Best Digital Practices for Businesses

Ideas to help you protect yourself and your business in the current environment.

Photo of a man leaning over a desk in his home office. He is holding documents with one hand and typing on a laptop with the other hand.

The coronavirus has changed the way people are working and communicating across the globe. While businesses of all types adjust to rapidly shifting circumstances—and millions of employees are rising to the challenge by working from home—cyber criminals are attempting to capitalize on this situation by compromising information and stealing assets through scams.

 “Cyber criminals are known for exploiting unfamiliar circumstances, particularly in times of great change,” says Craig Froelich, Chief Information Security Officer for Bank of America. “By acting quickly and knowing what to look for, businesses around the world can identify and eliminate coronavirus-related scams as we work to protect what matters most.”

Recent cyber crime attempts include:

  • A downloadable app for tracking coronavirus cases, which resembles maps created by legitimate public health institutions but contains malware that can infect or freeze devices.
  • Phishing scams in which fraudulent emails that appear to come from the World Health Organization, the Centers for Disease Control or charitable organizations request personal information or urge recipients to click on malware-infected links.
  • Robocalls offering coronavirus treatments or assistance with government stimulus payments, in which personal information is requested.

Despite these concerns, there are many defenses you can combine with best practices to protect your company’s data and finances. 

On the left, there is an illustration of an alert icon. The header text below reads: Be alert for the most common types of cyber crime attempts. On the right there is an illustration of a woman sitting at a desk working on her computer with a cat sitting on the floor beside her.

With many of us working from home, and businesses working to adapt to the new circumstances, it helps to remember the key ways in which cyber criminals try to take advantage of companies large and small.

On the left, the header text reads: Phishing. On the right there is an illustration of an open envelope containing a letter. A fishing hook is sticking through the envelope and the letter.

Phishing messages are emails that appear to originate from known or credible sources, but are in fact from cyber criminals trying to exploit disrupted work environments and gain access to business data. Embedded links also may install malware onto a device. 

On the left, the header text reads: Vishing. On the right there is an illustration of a smartphone with the antenna signal and a contact icon floating beside it in a cloud of squares, representing an incoming call.

Vishing attempts—voice combined with phishing—come via your phone. Robocalls are a method used to scam people and businesses out of data and money. Criminals will create a sense of urgency to incite quick responses from their targets. 

On the left, the header text reads: Apps. On the right there is an illustration of a cell phone. Various apps are floating above the phone, along with a circle connecting some of the apps.

Employees forced to work remotely may install apps to stay current on news or to streamline work processes. They should make sure to download apps from reliable sources and make sure they do not violate company guidelines if they’re installed on work devices. 

On the left, the header text reads: Websites. On the right there is an illustration of a laptop. A website page is open, and a mouse cursor is clicking on the site.

As workers and private citizens seek current information, cyber criminals also are spoofing websites that provide updated information about the coronavirus, hoping that visitors will click on embedded links. 

"Cyber criminals are known for exploiting unfamiliar circumstances, particularly in times of great change. By acting quickly and knowing what to look for, people around the world can identify and eliminate coronavirus-related scams.” 

Craig Froelich, Chief Information Security Officer, Bank of America

How to proactively protect your business or employer:

When working from home, only use wireless networks that are secured and require a password. Avoid public Wi-Fi networks, and never conduct any financial or confidential work over a public Wi-Fi connection. Utilize company VPNs whenever possible.

Conduct all business matters on company approved devices, especially when working remotely.

Never trust unknown individuals. Verify any communication that claims to be "urgent," and do not send any information to recipients you cannot confirm as legitimate.

Do not discuss confidential information around your family, and do not allow other family members to use your work devices for recreational use when working remotely. As much as is practically possible, conduct your work in a private space.

Ensure communication validation steps are followed when working remotely to ensure company information and data stays secure. 

If you suspect you’ve been targeted:

Don’t delay. Acting quickly after an incident can minimize damage to your business.

Follow your company’s protocols if you think your company device has been compromised.

Document everything about the incident. The more information you have, the better armed you’ll be to assist an investigation by your company and law enforcement officials, and the better prepared you’ll be against future incidents.

Change all passwords that may have been breached.

Contact your bank’s relationship manager to freeze transactions as soon as you can.

Disconnect your device from your company’s network if you suspect you have been the target of malware.


Stay connected, stay protected:

To help keep your account information safe and secure during this period, make sure your contact information is up to date and set up security and account alerts so we can stay in touch. Remember, if we need to reach out to you, we’ll NEVER ask for personal or financial information or an access code through email, text, or unsolicited calls. Visit our Security Center or the Federal Trade Commission’s Coronavirus Scam Tips for tips on how to recognize potential scams and learn more about how to keep your accounts safe.

Related Insights