Preparing for Cybersecurity Threats Related to Coronavirus

Mar 27, 2020 | Technology

According to the cisa.gov website, the Cybersecurity and Infrastructure Security Agency (CISA) has been monitoring the evolving Coronavirus, also known as COVID-19 situation closely. They have been taking part in interagency and industry coordination calls, and working with critical infrastructure partners to prepare for possible disruptions to critical infrastructure that may stem from widespread illness.

Unfortunately, individuals, businesses and other organizations need to prepare for attacks during these trying times. Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.

Remain vigilant and take the following precautions.

  • Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
  • Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
  • Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
  • Review CISA Insights on Risk Management for COVID-19 for more information.

 

For businesses, consider requiring an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology (IT) network.

  • As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors.
  • As VPNs are 24/7, organizations are less likely to keep them updated with the latest security updates and patches.
  • Malicious cyber actors may increase phishing emails targeting teleworkers to steal their usernames and passwords.
  • Organizations that do not use multi-factor authentication (MFA) for remote access are more susceptible to phishing attacks.
  • Organizations may have a limited number of VPN connections, after which point no other employee can telework. With decreased availability, critical business operations may suffer, including IT security personnel’s ability to perform cybersecurity tasks.

 

To help mitigate attacks, be sure to review the following recommendations when considering alternate workplace options:

  • Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.
  • Alert employees to an expected increase in phishing attempts.
  • Ensure IT security personnel are prepared to ramp up the following remote access cybersecurity tasks: log review, attack detection, and incident response and recovery.
  • Implement MFA on all VPN connections to increase security. If MFA is not implemented, require teleworkers to use strong passwords.
  • Ensure IT security personnel test VPN limitations to prepare for mass usage and, if possible, implement modifications—such as rate limiting—to prioritize users that will require higher bandwidths.

 

Turner, Warren, Hwang & Conrad is here to support you with professionals who can ensure your security needs. Contact us today to speak with one of our cybersecurity experts.

Recent Posts

Tax Season Cleanup: Which Records Can You Toss?

Tax Season Cleanup: Which Records Can You Toss?

If you’ve filed your 2024 tax return, you may be eager to do some spring cleaning, starting with tax-related paper and digital clutter. The documentation needed to support a tax return may include receipts, bank and investment account statements, K-1s, W-2s, and...

Payroll Fraud Threats Inside and Outside Your Company

Payroll Fraud Threats Inside and Outside Your Company

Payroll fraud schemes can be costly. According to a 2024 Association of Certified Fraud Examiners (ACFE) study, the median loss generated by payroll fraud incidents is $50,000. It’s essential to know the payroll schemes making the rounds and how to prevent them or at...

The Tax Side of Gambling

The Tax Side of Gambling

Whether you’re a casual or professional gambler, your winnings are taxable. However, the Treasury Inspector General for Tax Administration reports that gambling income is vastly underreported. Failing to report winnings accurately can lead to back taxes, interest and...

Stuck in the Middle: The Sandwich Generation

Stuck in the Middle: The Sandwich Generation

The term “sandwich generation” was coined to describe baby boomers caught between caring for their aging parents and their children. Today, it most commonly applies to Generation Xers and older Millennials. If you’re caught in the middle, it might be time for honest...