The threat landscape of COVID-19 is perilous. thinkCSC put together these guidelines for clients and shared the information directly with them via email, but any organization will benefit from these resources and guidelines.
COVID-19 Specific Security Recommendations
This information from the FTC should be shared with your remote workforce to ensure the security of your network as well as theirs.
- Don’t respond to texts, emails or calls about checks from the government. Additional information is available here.
- Ignore online offers for vaccinations and home test kits. There are no products proven to treat or prevent COVID-19 at this time.
- Hang up on robocalls. Scammers are using illegal robocalls to pitch everything from low-priced health insurance to work-at-home schemes.
- Watch for emails claiming to be from the CDC or WHO. Use sites like gov and usa.gov/coronavirus to get the latest information. And don’t click on links from sources you don’t know.
- Do your homework when it comes to donations. Never donate in cash, by gift card, or by wiring money.
CISA also has several recommendations worth sharing:
- Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
- Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
Phishing Scams Abound
We expect an increase in phishing attacks, used mostly to steal personally identifiable information. Here is some additional information on avoiding various phishing threats.
CISA offers several guidelines to increase awareness of social engineering and phishing attacks. You can also download the thinkCSC email security guide (PDF). Read and share our resources on email security and phishing.
Is Zoom Secure?
Zoom continues to be a threat to your infrastructure and data. As securing a product is a lengthy endeavor, thinkCSC would suggest switching to a more mature product with greater security built in. If that’s not possible, here are some tips to help make meetings more secure. Also, make sure to always update your Zoom product when asked.
- Don’t publicly share your Zoom “Meeting ID.” Send it directly to the people you want on the call.
- Set a password for the meeting, then share that only with the right people.
- Make sure “screen sharing” is set to “Host Only.” That prevents other people on the call from abruptly blasting text or images onto the other participants’ screen — a favored tactic of “Zoombombing” trolls.
- Use the “waiting room” feature. It prevents new participants from joining the call until the host approves.
General Security Posture
While phishing and similar attacks will be on the rise, overall systems security will also be tested with the increased COVID-19 threat landscape. Links with additional information are provided, and, as always, you can contact your thinkCSC team for details.
- Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.
- Alert employees to an expected increase in phishing attempts.
- Ensure IT security personnel are prepared to ramp up the following remote access cybersecurity tasks: log review, attack detection, and incident response and recovery.
- Implement multi-factor authentication (MFA), meaning multiple forms of authentication in addition to username and password, on all VPN connections to increase security.
- Update and Upgrade Software
- Defend Privileges and Accounts
- Enforce Signed Software Execution Policies
- Exercise a System Recovery Plan
- Actively Manage Systems and Configurations
- Continuously Hunt for Network Intrusions
- Leverage Modern Hardware Security Features
- Segment Networks and Deploy Application-Aware Defenses
- Integrate Threat Reputation Services
- Transition to Multi-Factor Authentication
thinkCSC is ready to help ensure the continuity of your business. While we may have entered uncharted territory with regard to this pandemic and the increased COVID-19 threat landscape, thinkCSC continues to be at your service. Please get in touch if you need support for your remote workforce. If you have questions or concerns regarding your organization’s security, get in touch.