Written by Charlotte Wibäck | Stockholm
on March 12, 2020

What you need to know to protect your business and employees from hacker and disinformation attacks during the COVID-19 (coronavirus) crisis.

During extraordinary events, like the current COVID-19  (coronavirus) outbreak, we tend to increase our search for information to learn as much as possible about the situation.  Sometimes this means that we lower our guards and click faster than usual when we open links or share posts.

This, however, makes our businesses vulnerable to disinformation and hacker attacks. Therefore, it is even more important to be vigilant in a crisis and carefully review the source of information. Hackers and others with questionable intent take advantage of this temporary weakness in people's state of mind and use it as an opportunity to create panic and spread malware.

Click-happy behaviour poses a danger for your business and may create a crisis within the crisis with long-term effects that are difficult to recover from. To be prepared, it is good to be aware of some of the dangers.

40% of companies hit by a crisis do not survive,
60% close for business within two years, and
70% of smaller companies close down within a year of a crisis.
—The American Chamber of Commerce


Clicking before thinking

Many people are very concerned about the rapid spread of the COVID-19 (coronavirus) in our society, posing a direct threat to our heath and the way we live. In an emotional state of mind, an individual decides what he/she will click on and share.  In such situations, we also tend to seek information that confirms what we already think or believe. That means people are at a higher than usual risk of acting on a piece of information.

In an emotional state of mind people tend to follow others and go along with what they think. This might mean that if a large enough group of people spreads a piece of information, the actual source or truth in the claim might be overlooked. To make it even more tricky, we tend to think we are right more often than not, which makes us really bad at taking in information counter to what we believe we know. In addition, we have a slightly questionable attraction to sensational and provocative materials: like people who can’t look away at the scene of an accident.

Click enticers

  • Hackers

Hackers often want to spread malware and they might create emails or messages that look like they are from healthcare facilities or official institutions with specific information about COVID-19. The email will have a link attached with an interesting headline to get you to click on it, such as “how you can protect yourself from the new Coronavirus”.  Clicking on this link may lead to malware spreading and cause damage, such as important data being destroyed, or classified information may be leaked leading to trust issues with key stakeholders, for example.

  • Disinformation

Disinformation is the intentional spreading of untrue and/or misleading information with the aim of causing harm or influencing people’s attitudes, beliefs and/or behaviour. Getting people to unintentionally spread disinformation further is part of the strategy. Disinformation is not a new phenomenon, but today’s digital environments enable the rapid spread of information to many people.

  • Propaganda

Propaganda can be described as any message intended to change the perception and behaviour of the recipients. The aim of propaganda is often to increase polarisation between different groups. Sometimes propaganda is spread through unethical methods, such as fake profiles with fake claims aiming to manipulate the reader.

Disinformation and propaganda can cause more damage than the crisis itself as it may lead to panic, which may lead to financial loss.

Protecting your business

1.   Implement a sharing is uncaring policy

Before sharing a post or a link consider the possible impact it might have if it is based on rumors, misunderstandings, disinformation or propaganda. Everyone needs to be responsible in how they handle information to avoid causing unnecessary harm or worsen the situation.

2.   Triple check the source

Always check the source of the message and do not share or click on any links. By moving the cursor over an email address of a sender, a different address than the one you see might be revealed. You might also be able to see that something is not quite right if there are spelling errors or the incorrect logo.

3.   If in doubt, delete

With this in mind, think twice before sharing and be wary of anyone offering simple solutions. As the saying goes, “if it sounds too good to be true, it probably is.”  Always ask yourself who benefits from you sharing the information. Who is the sender? Is it a government agency or international organisation or media?

Are different perspectives considered?  When was it created and is it up to date?

If in doubt, delete.

4.   Reliable information

Finally, please share with your employees reliable sources of information on the COVID-19 coronavirus such as this WHO website.

This will help steer people away from sharing incorrect information, which may have damaging and long-term effects on your business.

Want more information about crisis communications?

Prepare your business.

Crisis communications consult


    Subscribe to our blog