Preparing for Cybersecurity Threats Related to Coronavirus

Mar 27, 2020 | Technology

According to the cisa.gov website, the Cybersecurity and Infrastructure Security Agency (CISA) has been monitoring the evolving Coronavirus, also known as COVID-19 situation closely. They have been taking part in interagency and industry coordination calls, and working with critical infrastructure partners to prepare for possible disruptions to critical infrastructure that may stem from widespread illness.

Unfortunately, individuals, businesses and other organizations need to prepare for attacks during these trying times. Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.

Remain vigilant and take the following precautions.

  • Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
  • Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
  • Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
  • Review CISA Insights on Risk Management for COVID-19 for more information.

 

For businesses, consider requiring an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology (IT) network.

  • As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors.
  • As VPNs are 24/7, organizations are less likely to keep them updated with the latest security updates and patches.
  • Malicious cyber actors may increase phishing emails targeting teleworkers to steal their usernames and passwords.
  • Organizations that do not use multi-factor authentication (MFA) for remote access are more susceptible to phishing attacks.
  • Organizations may have a limited number of VPN connections, after which point no other employee can telework. With decreased availability, critical business operations may suffer, including IT security personnel’s ability to perform cybersecurity tasks.

 

To help mitigate attacks, be sure to review the following recommendations when considering alternate workplace options:

  • Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.
  • Alert employees to an expected increase in phishing attempts.
  • Ensure IT security personnel are prepared to ramp up the following remote access cybersecurity tasks: log review, attack detection, and incident response and recovery.
  • Implement MFA on all VPN connections to increase security. If MFA is not implemented, require teleworkers to use strong passwords.
  • Ensure IT security personnel test VPN limitations to prepare for mass usage and, if possible, implement modifications—such as rate limiting—to prioritize users that will require higher bandwidths.

 

Turner, Warren, Hwang & Conrad is here to support you with professionals who can ensure your security needs. Contact us today to speak with one of our cybersecurity experts.

Recent Posts

Boost Morale and Save Taxes with Achievement Awards

Boost Morale and Save Taxes with Achievement Awards

Some small businesses struggle with employee morale for a variety of reasons, one of which may be economic uncertainty. If you want to boost employees’ spirits without a big financial outlay, an achievement awards program is a relatively low-cost fringe benefit that...

The Rise of Check Kiting and Other Check Fraud

The Rise of Check Kiting and Other Check Fraud

While the use of paper checks has greatly diminished, thieves still view them as a source for stealing revenue. In fact, the Financial Crimes Enforcement Network warns that many thieves are returning to old-fashioned financial theft, using paper checks. That’s one...

When is Employer-Paid Life Insurance Taxable?

When is Employer-Paid Life Insurance Taxable?

If the fringe benefits of your job include employer-paid group term life insurance, a portion of the premiums for the coverage may be taxable. And that could result in undesirable income tax consequences for you. The cost of the first $50,000 of group term life...

An IRA Withdrawal Strategy with Tax-Reducing Power

An IRA Withdrawal Strategy with Tax-Reducing Power

As the year winds to a close, your chance to lower your 2024 tax bill also winds down. If you’re age 70½ or older, you may want to make a qualified charitable distribution (QCD) from your IRA before year end. Normally, distributions from a traditional IRA are taxable....