Cybersecurity Vulnerabilities Exploited During Coronavirus Crisis
Businesses are being strained during the Coronavirus epidemic and Cybersecurity Issues are on the rise. Cyber criminals and hostile nation states are wasting little time in exploiting the vulnerabilities this crisis has created.
Remote Work Protocols
Working remotely has been growing at an exponential rate. While cybersecurity can be maintained in a remote work scenario, adequate protocols must be in place. Because many businesses have suddenly been thrust into this arena those protocols may not have been adequately established. This has increased the chances of remote employees using unsecured Wi-Fi or personal devices when accessing sensitive data.
Educating and Training Employees
Proper training at regular intervals is essential for any Information Security Management System (ISMS). Establishing coherent and effective protocols and policies does little good if the members of an organization are unaware of them or don’t know how to implement them. Because any weak link can defeat the best cybersecurity program, proper practices should be everybody’s number one priority.
FBI Warnings on Coronavirus and Cybersecurity Issues
During this Coronavirus (COVID-19) crisis the Federal Bureau of Investigation has advised businesses to carefully consider the safety of their data when selecting tools that provide communication over the internet. It is important to consider the possibility of eavesdropping on virtual meetings, theft of data, or other malicious activities. The FBI has seen an increase in activity of this sort including a practice called Zoom-bombing where video conferencing tools have been disrupted by pornography and threatening language.
Business Email Schemes
Additionally, Coronavirus and Cybersecurity Issues are giving rise to a large variety of email schemes. These include emails that appear to be from persons inside an organization or persons outside of the organization that a company conducts business with. The FBI advises that businesses be particularly on the look out for the following:
- The use of urgency and last-minute changes in wire instructions or recipient account information;
- Last-minute changes in established communication platforms or email account addresses;
- Communications only in email and refusal to communicate via telephone;
- Requests for advanced payment of services when not previously required; and
- Requests from employees to change direct deposit information.
FBI Recommended Cybersecurity Practices
Do:
- Select trusted and reputable telework software vendors; conduct additional due diligence when selecting foreign-sourced vendors.
- Restrict access to remote meetings, conference calls, or virtual classrooms, including the use of passwords if possible.
- Beware of social engineering tactics aimed at revealing sensitive information. Make use of tools that block suspected phishing emails or allow users to report and quarantine them.
- Beware of advertisements or emails purporting to be from telework software vendors.
- Always verify the web address of legitimate websites or manually type it into the browser.
Don’t:
- Share links to remote meetings, conference calls, or virtual classrooms on open websites or open social media profiles.
- Open attachments or click links within emails from senders you do not recognize.
- Enable remote desktop access functions like Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) unless absolutely needed.1
CVG Strategy
CVG Strategy is committed to helping businesses with their cybersecurity concerns during this COVID-19 crisis. We can assist businesses create and support Information Security Management Systems. We provide businesses with services for ISO 27001, NIST 8000-171, and CMMC certification. Contact Us to see how we can help you.