By Elizabeth Gallagher, Chief Revenue Officer of Lineate
Criminal groups such as hackers typically increase their efforts during natural disasters and other turbulent times. During this pandemic, some hackers are even targeting health centers, such as this testing hospital in the Czech Republic hit by a cyberattack which caused the organization to shut down for some time. The virus provides hackers with golden opportunities for attacks because we are all making rapid changes to the systems we use to manage our professional and personal lives. These hacking groups are already shifting some of their focus to remote workers as a conduit into corporate networks and potentially valuable data.
An increase in attacks means companies need to conduct employee training and put in place the right technology to minimize cybersecurity threats.
Stop Phishing Schemes
Hackers looking to get into corporate data often find employees are the “weak link” of any organization. These efforts often include phishing emails which are disguised as legitimate communications that are intended to trick the recipient. The fake emails might offer information on a coronavirus “cure” or be disguised as official-looking info from the CDC or other governmental agency. Additionally, employees and small businesses anxious about financial support need to be especially vigilant around phishing disguised as unemployment agencies, bank loan officers, etc. Those systems are overloaded and also working rapidly, which is leading to extra communications. The level of anxiety combined with the break in normal processes leaves us more vulnerable.
The risks with these emails are typically within their links attachments. The recipient might be encouraged to “learn more” or be directed to a fake donation page where they enter information. Or, in the case of finance relief, the recipient may be instructed to reenter social security or banking information. The phishing emails are designed to both steal personal information and to serve as an entry point for getting into corporate data. This information is then usually encrypted and held for ransom, putting the employer in a tight spot. In the worst-case scenarios, the hackers steal and leverage user information such as financial data, passwords, or Social Security Numbers.
IT should actively communicate with all employees about the types of phishing emails that are circulating along with some best practices:
- Employees should err on the side of deleting emails. They should also be certain an email is legitimate before clicking on any links or downloading attachments.
- Training should remind employees that the CDC and other organizations won’t connect with individuals directly.
- IT should implement rules for employees that are checking non-work email in addition to their work email.
- Fraudulent emails often use incorrect links disguised as legitimate sources. Workers can hover links to see the destination string, and better spot fake links.
- Remote workers (or IT) should implement automatic antivirus updates.
Manage the Risks of Remote
There’s no disputing the value of remote work situations during the pandemic. Remote work is saving lives. It’s of course a disruption for workers, but it’s also a headache for corporate IT. They need to put in place enough controls to protect data on the corporate side, while also allowing workers the flexibility and access they need to do their jobs properly. Put every remote worker on a virtual private network (VPN) when they connect from home.
- Use two-factor-authentication for identity verification, which is basically asking workers to confirm something they know (their password) along with something they have in their possession (their phone).
- Relay information to employees about the latest collaboration tools and any security concerns. For example, Zoom is very useful for video conferencing, but has had several serious security exploits and bugs.
- Review workers’ usage of personal devices to access work networks. Are there additional risks with older laptops or outdated operating systems? Gauge the risk/reward of buying laptops and phones for remote employees versus allowing BYOD.
Remote workers should also take steps to password protect their Wi-Fi connections. IT could create documentation on how to do this step and be available for inquiries from remote staff that have difficulty putting in place strong passwords.
Back Up the Backups
Especially considering the risks of COVID-19 related remote work and the possibility of ransomware, backups are essential. A remote workforce is still creating content and producing proprietary information that should be retained. Firms will need to put in place strict procedures for employees to store corporate information. For example, remote workers must understand vital data can’t sit on their laptop’s drive but must go to the corporate cloud. Thankfully, backups to the cloud are exceedingly easy and can run in the background without any interruption to the worker.
Backups also play a role with ransomware attacks. A small firm that falls victim to a ransom might not have a choice but to pay if the hackers are controlling the only copy of the data. But if they constantly backup data then they can ignore the ransom demands, and simply transition employees to the other data sources.
- Consider using multiple cloud services to automatically back up corporate data.
- Review data which should be regularly deleted.
- Perform reviews of which information does not need to be kept at all, such as possibly some customer info that is not required, but is potentially damaging if lost.
Despite the feelings of togetherness that have emerged during social distancing, not everyone is on board with protecting the broader community. Cybercriminals are out in force during the pandemic, preying on individuals and companies that aren’t prepared with the latest training and technology.
About Elizabeth Gallagher
Elizabeth Gallagher is the Chief Revenue Officer at Lineate—an NY-based custom software development company—where she oversees marketing, sales, and product development. Previously, Elizabeth was Co-founder and CEO of the award-winning ed tech company, Pixeldream, where she brought dozens of high revenue technology products to market for leading organizations including McGraw-Hill and Pearson.
