As more of America’s workforce is forced to work remotely during the COVID-19 Crisis, it is imperative that Organizations stay aware of its specific Cybersecurity risks. Social Engineering is still a major threat while practicing social distancing/isolation directives.
Organization Cybersecurity:
- Secure systems that enable remote access
- Ensure VPNs or other remote system are fully patched
- Enhance system/continuous monitoring to receive early detection and alerts on abnormal activity
- Implement multi-factor authentication where possible
- Ensure all machines have properly configured firewalls, anti-malware and anti-intrusion software installed and up to date.
- Test remote access solutions capacity, consider adding capacity if necessary
- Ensure continuity of operations plans and business continuity plans are up-to-date
- Increase awareness of information technology support mechanisms for employees working remotely
- Update incident response plans to consider workforce changes in a distributed environment
- Review the National Cyber Security Alliance’s COVID-19 Security Resource Library: https://staysafeonline.org/covid-19-security-resource-library/
Workforce / Consumers Cybersecurity:
Malicious actors will take advantage of public concern surrounding COVID-19 by conducting phishing attacks and disinformation campaigns. Phishing attacks often us a combination of email and bogus websites to trick victims into revealing sensitive information. Disinformation campaigns can spread discord, manipulate the public conversation, influence policy development, or disrupt markets.
Defending against Cybersecurity threats and scams –
- Secure your Home network with WPA2/WPA3 Encryption and follow your employer’s security policies and procedures
- Dispose of sensitive data securely
- Avoid clicking on links in unsolicited emails and be wary of email attachments
- Use trusted sources – such as legitimate, government websites for up-to-date information. See: www.coronavirus.gov; www.fda.gov; www.epa.gov; and www.cdc.gov
- Examine URL addresses closely for misspellings and proper domains (for example, an address that should end in “.gov” instead ends with “.com”, “.cc”, or something similar)
- Do not reveal personal or financial information in an email, and do not respond to solicitations for this information. Including usernames, passwords, date of birth, social security numbers, financial data, or any other personal information
- Verify charity authenticity before making donations
- Review the Cybersecurity and Infrastructure Security Agency’s tips on Avoiding Social Engineering and Phishing Attacks, see: https://www.uscert.gov/ncas/tips/ST04-014
- Review the Federal Trade Commission’s blog post on Coronavirus Scams, see: https://www.consumer.ftc.gov/blog/2020/02/coronavirus-scammersfollow-headlines
- If you are a victim of Internet scam or cybercrime, then visit the FBI’s Internet Crime Complaint Center: www.ic3.gov
Current Known Scams:
- Fake CDC Emails
- Phishing emails claiming to be charitable organizations, general financial relief, airline carrier refunds, fake cures and vaccines, and fake testing kits
- Robocalls / Phone calls to the same effect as Phishing emails above
- Netflix (or similar services) Text Message scams capable of installing malicious programs on your mobile device
- Extortion emails threatening to infect you with Coronavirus
- Hoax phone calls from CDC asking people to reserve COVID-19 Vaccines
- Scams promising $1K checks for economic relief
Other Telework concerns and resources:
These are offered as additional resources designed to assist in helping make the leap from traditional office to virtual workspace easier and more secure.
- Government’s guidance from the Office of Personnel Management: www.telework.gov
- The National Institute of Standards and Technology (NIST) blog, “Preventing Eavesdropping and Protecting Privacy on Virtual
Meetings.” https://www.nist.gov/blogs/cybersecurity-insights/preventingeavesdropping-and-protecting-privacy-virtual-meetings - The Cyber Readiness Institute’s quick guide to “Securing a Remote Workforce.” https://www.cyberreadinessinstitute.org/cyber-readinessnews/securing-a-remote-workforce
More resources:
https://www.justice.gov/opa/pr/justice-department-files-its-first-enforcement-actionagainst-covid-19-fraud
https://www.consumer.ftc.gov/features/coronavirus-scams-what-ftc-doing
https://www.consumer.ftc.gov/blog/2020/03/online-security-tips-working-home
Jameson Miller, Director
Mauldin & Jenkins
JMiller@mjcpa.com
423-756-6133
