policies and procedures

In our previous COVID-19 bulletin, we discussed the importance of companies maintaining information system and data security while allowing employees to work remotely. Over the last week, as people scramble to identify trustworthy information about the spread of COVID-19, how they can protect themselves, and how they can get tested, spammers and scammers have taken advantage of vulnerable telecommuters. For example, in just the past week, media outlets have reported on the following scams:

  • Email Phishing. According to a Kaspersky study and the FTC, email phishing schemes include the use of organizations’ names that would normally seem legitimate. Such emails appear to be coming from representatives of the Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO). The emails have the CDC or WHO logos and headings or have email addresses that, in a quick glance, look to be official (such as cdc-gov.org). The links in these emails may infect the user’s device with malware or even ask them to enter in an email and password for their Microsoft Outlook account.
  • Domains and Apps. There are website domains that appear to keep track of COVID-19 updates and health information. Instead, these domains prompt users to download apps to access this information. In particular, there is an Android App that, once downloaded, infects the device with ransomware and demands payment or else the data on the device will be erased. Additionally, there is an interactive infections and deaths map circulating that is being used to spread password-stealing malware.
  • Goods Delivery. While goods and supplies, such as cleaning and household supplies, are running out at local stores, there are online sellers purporting to have these items in stock. Instead, they are scams that take your payment and never deliver your ordered items. Employers, or employees in charge of supplies, should be cautious of online retailers and conduct additional research into the seller to verify legitimacy.
  • Fake Charities. As with any major event or crisis, there are scammers trying to take advantage of people’s good intentions. This can take form in fake charities or fake donation pages. The fake charity can be a completely made up organization or one that closely resembles names of established charities.

Continue Reading Don’t Let COVID-19 Lure You In: Phishing and Malware Attacks Skyrocket During Coronavirus Crisis

Every year, the culprit that tops the list of information security risk is the same one from the previous year, and the year before that: your employees. Sure, hackers and technical failures get a lot of attention, but time and again it is the low-tech failures of employees that lead to security incidents and data breaches. To be clear, it is rarely the disgruntled employee, but more often the apathetic or unaware employee that clicks the phishing link or lets the bad guy into the building. And, unlike the technological safeguards that can cost you thousands of dollars, remedying the issues with employees doesn’t have to cost a lot time or money. However, it can still have the biggest payoff. Here are three easy things you can do to immediately reduce the risk to your sensitive information, and in doing so, truly make “security everyone’s business.”
Continue Reading The Enemy Within: Why Employees Top the List of Security Risks Each Year (and what you can do to make sure yours don’t)