PAndemic Cyber Security

One thing this pandemic is certain to do is change the way we do things going forward. We have seen companies from all industries and sizes adapt the way their employees work to ensure they can stay afloat through this crisis. Perhaps your office employees are working from home with a laptop, or maybe you’ve cut all face to face interactions with clients. Either way, the exposure for cyber risk has already skyrocketed.

We’ve been talking about cyber exposures for a number of years now. Whether it be misinformation, a phishing email coming from your businesses email, or a hacker locking up your network and holding it for ransom, the number of attacks on businesses has grown exponentially.

Below are five quick tips on how you can limit your business’ risk of being victim to an attack:

1) Passwords:
First of all, don’t make your password something along the lines of SeasonYear!, as even I could guess that. Make it something more difficult like best NFL team (Packers), year, exclamation point. That is what I do and it works great (only kidding). In all seriousness, you need to make sure you, and your employees, are using complex passwords for any login that may have personal, company, or client information on it that could be valuable. I suggest using password savers like Roboform or Dashline to make sure passwords are updated and not forgotten. Also try to enable two factor identification as often as possible.

2) Out-Bound Emails
Emails are common places, if not the most common, for an attack to occur. Especially for a business like a tree service. For example, my dad received an email from a tree service in his area whose G-mail account had been hacked. It mentioned the job, which was actually just finished at my dad’s house, and where to send money. The only reason my dad caught it was because the amount was different from what they had originally discussed. Imagine if your email was hacked and clients sent you personal information, banking info, etc. You’d be on the hook for any damages, defense costs, credit monitoring for the client, and much more. Make sure your email is secure and that clients have a clear understanding of what type of things you would or would not ask for via email. And check with your insurance agent to see if you have cyber coverage. If not, I’d strongly recommend it as it is not very expensive and offers high limits!

3) In-Bound Emails
Are your office staff members and employees trained on what to be aware of when receiving emails? Follow these tips to be safe:

A. Make sure you have a good filter for blocking out spam emails. We work closely with an IT security company and we still see some slip through every once in a while.
B. Verify the sender before opening the email, and definitely before opening any attachments!
C. Hover over hyperlinks and make sure the URL matches the source. Look closely for any typos or odd spellings.

4) VPN
If you have employees working from home or working remotely, I encourage you to look into Virtual Private Networks (VPN’s). This would often come into play for anyone working out in the field that may connect to a public network. Employees could stop at a restaurant and connect to their wifi, or go to a conference and work from the hotel. When connecting to a public wifi spot, employees are at risk of connecting to a fraudulent network that imitates the network they think they are connecting to. Employees could also connect to the original network which may have been breached, allowing attackers to obtain information during your employee’s use. Check out VPN’s like ExpressVPN or Surfshark and make sure to consider the number of devices and frequency of use before purchasing.

5)Watch Out for Spoofs
People are desperate for new information right now. We want to know what updates there are regarding COVID19 and how it impacts us and our business. Consider that times like these mean we are most vulnerable to attacks and misinformation. Try to be conscious of where you’re gathering information and make sure it is from credible resources like the World Health Organization (WHO) or the Centers for Disease Control(CDC). Consider that emails, pop-ups, etc. for “COVID19 Update!” may be click bait and encourage those in your company not to jump to conclusions.

The World Health Organization recently stated they were also in the middle of an ‘Info-demic’ due to the large spread of misinformation regarding COVID19. As the employer, it is your responsibility to provide your employees with the correct information. Utilize resources such as WHO, CDC, TCIA, and ISA, to get relevant information throughout the pandemic. As always, feel free to reach out with any questions and we’ll see what we can do!

Written by: Malcolm Jeffris, CTSP