thinkCSC continues to monitor the impact that the pandemic is having on organizations throughout Columbus. As the state enters a mandated period of social distancing and everyone who can is teleworking from home, new cybersecurity challenges are impacting companies. We urge you to communicate with your teleworking employees to make sure they are aware of these risks and are taking the appropriate security measures to protect your data and network.
Coronavirus-Themed Phishing Attacks Are on the Rise
Cybercriminals are creating and putting out thousands of coronavirus-related websites on a daily basis. Intelligence firm RiskIQ saw more than 13,500 suspicious domains on a single day (Sunday, March 15th). More than 35,000 domains were discovered the following day. Mobile devices are susceptible as well.
Whether you are working from home or from your office, watch out for these threats. Recent phishing emails claim to contain advice on how to prevent infection, prompting you to click a link or open an attachment. For example, one such email states in the message body that it is from the World Health Organization (WHO). In actuality, it is the TrickBot banking trojan used to steal confidential information. Once installed on your machine, it can be used as a method to install other forms of malware on your machine. Watch out for these telltale phishing signs:
- Many phishing emails have poor grammar, punctuation, and spelling.
- Is the design and overall quality what you would expect from the organization the email is supposed to come from?
- Is it addressed to you by name, or does it refer to ‘valued customer,’ or ‘friend’, or ‘colleague’? This can be a sign that the sender does not actually know you; that is part of the phishing scam.
- Does the email contain a veiled threat that asks you to act urgently?
- Your bank, or any other official source, should never ask you to supply personal information from an email.
Tools to Protect You While Teleworking
VPN stands for virtual private network. The purpose of a VPN is to provide you with a secure network from which you can access your office applications over the public internet. A VPN creates a private connection, or tunnel, through the open internet. The idea is that everything you send is encapsulated in this private communications channel and encrypted so that even if your packets are intercepted, they can’t be deciphered.
MFA stands for multi-factor authentication. MFA is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authenticating mechanism. Two-factor authentication, or 2FA, is a method of confirming users’ claimed identities by using a combination of two different factors: 1) Something they know, 2) Something they have, or 3) something they are.
Two-step verification, or two-step authentication, is a method of confirming a user’s claimed identity by utilizing something they know (password) and a second factor other than something they have or something they are. An example of a second step is the user repeating back something that was sent to them through an out-of-band mechanism, for example, the 6-digit code that you receive from your bank when you logon to your banks mobile or online banking site.
Two-factor authentication may also be accomplished via a hardware token or device. The credentials are stored on a USB device that is plugged into your laptop or desktop PC. Duo, YubiKey, and FortiToken are some examples of hardware tokens on the market today.
Safe Use of Home Computers
Using your home PC for teleworking provides a whole new set of challenges when it comes to security. Make sure you’re following these best practices:
- Ensure that a current antivirus platform is installed on your device.
- Ensure that your device utilizes a current operating system and that the operating system is up to date from a software revision perspective.
- When not in use by the person teleworking from home, ensure that the user’s session is logged off, preventing anyone else in the home from accessing business applications.
thinkCSC is ready to help ensure the continuity of your business. While we may have entered uncharted territory with regard to this pandemic, thinkCSC continues to be at your service. Please get in touch if you need support with your remote workforce.