Jeff Ruby Culinary Entertainment

Opticare Vision/Express Mobile Transport

Tuesday, September 22, 2020

National Cybersecurity Awareness Month Puts Focus on Increased Threats in the Wake of COVID-19



By Sarah Sanders
IT Director of Rudler, PSC

The COVID-19 (novel coronavirus) has brought about numerous unwanted changes in our daily lives, including one that, those outside of the IT field, may not have thought of: Increased cybercrime.

This July, Vladimir Voronkov, the United Nation’s counterterrorism chief, announced a 350% increase in phishing websites (websites that disguise themselves as legitimate/trustworthy in order to obtain users’ sensitive data) in the first quarter of 2020. While many of these cyber criminals targeted hospitals and health care systems, further hindering their responses to the pandemic, there was an overall 273% increase in large scale data breaches in 2020’s first quarter (as compared to 2019). With this in mind, businesses’ need for increased cybersecurity is obvious.

Now in its 17th year, National Cybersecurity Awareness Month , which takes place in October, is marking the need to address these constant threats with the theme “Do Your Part. #BeCyberSmart.” An effort of the Cybersecurity & Infrastructure Security Agency, National Cybersecurity Awareness Month offers a full slate of resources to assist in the fight against cyberattacks and protecting yourself and your business online. 

To best utilize them, though, it’s important to know the current threats circulating online and how to recognize them in order to combat them.

CYBERTHREATS 101

There are three primary cyberthreats online: (1) Phishing practices, (2) malware and (3) man-in-the-middle attacks. As mentioned above, phishing “fishes” for personal information by sending fraudulent emails, texts and/or emails to gain access to sensitive data such as credit cards to make purchases, or steal your identity to open lines of credit. Unfortunately, the COVID-19 pandemic has created more opportunities for phishers, often posing as health organizations and delivering fake coronavirus-related news.

Malicious software – “malware” – are viruses that, once embedded on your computer’s hard drive, can cause numerous problems. These include: Blocking access to your network, installing harmful applications/programs on your computer without your knowledge, obtaining your passwords and other sensitive information by monitoring your keystrokes (spyware) and/or generally making your computer inoperable. Ransomware can also hold you hostage by demanding some form of payment to “release” your computer back to normal. 

With more people working remotely as a result of COVID-19, hackers are now joining active Zoom meetings and creating websites to mirror legitimate video communication channels, including Google classroom. Other scams may ask you to open a Google Docs file which, if opened, gives the hacker access to both your emails and all your contacts they may then message from your account, spreading their attack further once opened.

Last but certainly not least, man-in-the-middle attacks, also known as eavesdropping attacks, allow a third party to listen in or receive information being transmitted between two people.

These attacks often occur through unsecure public Wi-Fi networks – which is why it’s important to only use Zoom in secure settings – or by leveraging malware.

BE SMART & SAVVY

While the schemes may change, the best way to protect yourself against them is to be smart and savvy. Because we deal with confidential financial records, Rudler, PSC employees are required to participate in ongoing KnowBe4 training to help protect clients’ sensitive information.

In addition to leveraging ongoing training, these tips can help you and your employees avoid becoming some would-be criminal’s next victim:

  • Approach any unsolicited email with skepticism and caution; if the email address doesn’t match the sender’s origin name.
  • If there are typos present, an incorrect URL and/or low-resolution images in the message, it should likely be averted.
  • Likewise, government agencies such as the IRS will not contact you via email or phone; they will send you a letter in the mail asking you to contact them at a specific number.
  • Also, look for HTTPS-secured sites (there is usually a locked padlock icon in the address bar) before entering credit card information anywhere.
  • In addition, verify an unsolicited email’s links and/or phone numbers by Googling them against the site they supposedly represent first to make sure they match and are not a well thought out imitation.

If you suspect or verify that you or an employee has fallen victim to a cyberattack, disconnect any affected devices from the network where the hacker likely accessed your device, being sure to change passwords and PINS as well. Contacting an IT professional immediately to fix the situation is also highly recommended. 

Basic antivirus software will not typically be able to diagnose the source of the attack or clean your hard drive/server thoroughly enough where malware can be deeply embedded. After freezing company credit cards and bank accounts tied to the device, reporting the attack to the Federal Trade Commission and/or Homeland Security is also good practice as the scheme could be part of a larger attack.

By being smart and savvy, you can make this National Cybersecurity Month the perfect time to secure your organization’s most trusted information against outside threats.

No comments:

Post a Comment