During times of national or global uncertainty, there comes more opportunity for hackers to obtain sensitive personal and financial information from unsuspecting victims. Unfortunately, the COVID-19 pandemic is no different.
Many Americans utilize the internet for answers regarding Coronavirus and its resulting economic and social impacts. The vulnerability of individuals and businesses in this unprecedented and unpredictable era make us easy scam targets. Here at KerberRose, we are dedicated to making sure you and your organization are informed about and prepared against these cyber actors.
Organizational Cybersecurity Practices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is working closely with critical infrastructure partners to monitor the effects of Coronavirus and prepare for possible disruptions to critical infrastructure stemming from the virus.
On March 6, 2020, the CISA released an alert to remind everyone to stay vigilant for scams relating to COVID-19. According to this alert, cyber actors may send emails claiming they are related to important information about Coronavirus, but instead are layered with malicious attachments or links to fraudulent websites with intent to trick victims into revealing sensitive information, such as donating to fraudulent charities or causes.
CISA encourages individuals to remain vigilant and take the following precautions:
- Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
- Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
- Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
Review CISA Insights on Risk Management for COVID-19 for more information.
As many of us are now working remotely, it is in the best interests of your organization to review their IT capabilities and expand them if necessary. As a remote worker, it is your responsibility to take every precaution against hackers and remain vigilant to phishers and other scammers. Here are some tips for working remotely in a secure fashion:
1. Passwords are the first line of defense and are critical for access data and applications.
- Make sure your home router password is not easy to guess and does not include your address or any personal names.
- Enable multi-factor authentication whenever possible.
2. Operating system security patches must be accepted and stay up-to-date.
- Require employees to have their operating systems set to automatically update and remind them to accept all relevant security patches.
3. Be aware of phishing emails.
Phishing is easy for scammers and hackers when there are more of us online, and they are sure to use concerns about virus spread to trick people into giving them sensitive information.
- Always “mouse” over the email sender’s name to determine if it is fraudulent.
- Look for clues in an email or a link like a misspelled company name or creating a sense of emergency asking you to respond or provide personal/financial information.
- Websites with the “s” after http indicates the connection between your computer and the website is “secure.” However, informational pages will not have the “s.”
- Do not click on any pop-ups or ads.
- Most individual ransomware emails are fake, so verify emails with a security professional, if possible, before responding.
- Every company should have a main point of contact for employees to inform when they receive phishing emails or individual ransomware.
4. Practice social distancing online, too.
- Limit the amount of personal data you share on social media to reduce threats.
- Share all data via online secure cloud applications. USBs should not be used, as they can spread malware.
We should be thankful to live in a world where a nearly global shut-down does not mean work and life must also come to a stop; however, we should also be exercising safe practices while using this technology.
If you still have questions or concerns about cybersecurity during the COVID-19 emergency, contact KerberRose Technology. KerberRose Technology offers a variety of managed and co-managed services packages; focusing on backup solutions, disaster recovery and planning, dark web monitoring, virtual CIO services, and IT project planning and implementation. If you or your organization are looking to improve your IT security, contact a KerberRose trusted technology advisor today at 715-524-5699.
For more information, visit these links:
CISA: Identifying Critical Infrastructure During COVID-19
CISA: Guidance on the Essential Critical Infrastructure Workforce
CISA Releases Guidance on Essential Critical Infrastructure Workers During COVID-19
Global Cyber Alliance: Three Simple Tips for Working From Home
National Institute of Standards and Technology’s (NIST): Preventing Eavesdropping and Protecting Privacy on Virtual Meetings
National Cyber Security Alliance: COVID-19 Security Resource
NIST: Security for Enterprise Telework, Remote Access, and Bring Your Own Device Solutions.pdf
U.S. Office of Personnel Management