Research Hub > How to Avoid a Census Scam: 5 Steps for Protecting Your Organization
3 min

How to Avoid a Census Scam: 5 Steps for Protecting Your Organization

Cybercriminals may use the census to exploit your employees, but these steps can help you prepare for upcoming attacks.

The decennial U.S. census is about to begin. By April 1, every home in the country should receive an invitation to participate in the census. Those who don’t answer will receive follow-up notices and personal visits from census workers seeking to conduct an accurate count of the nation’s population.

The work of the census provides crucial information for government agencies, academic researchers and private businesses, but it also opens the door for cybercriminals seeking to exploit the widespread publicity around the census to conduct malicious attacks. We will inevitably witness social engineering attacks from individuals pretending to be associated with the census asking for Social Security numbers, passwords and other sensitive personally identifiable information.

Request a CDW security assessment to start identifying hidden risks in your IT environment.

Organizations need to prepare themselves for these inevitable attacks and ensure that their employees don’t fall for scams that accidentally compromise sensitive information. Let’s take a look at five things businesses can do right now to protect themselves against census-related scams.

1. Launch a Census-Focused Cybersecurity Awareness Campaign

Remind employees that they should never provide their Social Security numbers or other PII to anyone they don’t trust. The census will not reach out to anyone by email, so any email messages requesting participation are fraudulent. Most invitations to participate will come in the form of a paper letter or postcard directing people to the website. Some households will be visited by census workers carrying official government IDs. Remind your employees of these important details and encourage them to report any suspicious messages.

2. Conduct an Anti-Phishing Campaign

Many organizations now use simulated phishing campaigns as an important part of their security awareness programs. These campaigns use realistic-looking phishing messages to educate users about the dangers of clicking suspicious links. If you don’t already use an anti-phishing service, consider adopting one now. If you already conduct anti-phishing campaigns, develop a census-themed message to help raise awareness around this timely issue.

3. Secure Your Email Gateway

Email remains the most commonly exploited attack vector, but organizations tend to devote a very small portion of their security budgets to protecting their email gateways. Ensure that your email gateway is ready for the onslaught of census-themed attacks by implementing anti-spoofing controls, such as DMARC and DKIM, upgrading spam detection technology, and using URL-rewriting to prevent users from clicking on potentially malicious links.

4. Protect Your Endpoints

Laptops, desktops and mobile devices offer potential attackers a foothold from which they can wage larger attacks against the organization. Security teams should implement endpoint protection strategies that incorporate artificial intelligence to spot hidden threats and protect the organization against sophisticated attackers.

5. Conduct a Cybersecurity Maturity Assessment

The best way to protect your organization against any cybersecurity risk is to maintain a robust cybersecurity program. CDW offers cybersecurity maturity assessments that help organizations assess the current state of their security controls against industry standards. CDW’s skilled security experts then work with the organization to develop a remediation plan that bolsters its defenses against modern cybersecurity threats.

By protecting your organization against census-themed attacks, you’re also laying the foundation for a strong security posture against a wide variety of risks. After all, as soon as the census-themed messages slow down, tax season will arrive, and users will be hearing from fake IRS agents once again.