Bad actors love crises. The forced telecommuting of millions of employees (and the attendant exponential increase in use of remote access technologies), coupled with real fears and concerns regarding the spread of COVID-19, have produced a fertile environment for an increase in cyberattacks. Trend Micro reports that COVID-19 is being used in a variety of malicious campaigns including email spam, business email compromise (i.e., using stolen information to initiate fraudulent wire transfers), malware, ransomware, and malicious domains. Trend Micro estimates that nearly 66% of these attacks involve email spam. Both Trend Micro and Sophos have separately reported discovery of what Sophos calls a “dirty little secret” scam: users receive an email asserting that the sender knows their whereabouts and other personal information, and threatens that if the user refuses to pay a fairly large sum ($4000 in one instance), they will infect your family with coronavirus. Nasty, eh?
With this increased risk environment, and everyone’s guard down a bit as we focus on simply trying to keep doors open, it is important for those responsible for data security to undertake basic steps to lessen the success of these attacks. These steps can include:
- Reexamining and where necessary hardening technical safeguards associated with remote access to information stored and processed in the company IT environment. These efforts might include an assessment of encryption tools in use, requirements for at-home WiFi, increasing the frequency of implementing security updates and patches, and if robust measures are not already in place, implement (or improve) multi-factor authentication for remote access.
- Reeducating employees on phishing and other “social engineering” scams. The use of recent examples of such scams can be most effective, particularly those that rely on the COVID-19 pandemic for their effectiveness (e.g., the “dirty little secret” scam described above and described in detail here:). The Department of Homeland Security has also published useful tips for identifying and avoiding these scams.
- Reminding employees of the basics of data security, including use of strong passwords, safeguarding passwords, and avoiding local storage of sensitive information (e.g., on hard drives, flash drives, etc.). Here is CISA’s publication on proper use of passwords.
- Revisiting incident identification, reporting, response, and recovery procedures. IT security personnel should consider increased use of log review and attack detection mechanisms. Personnel should be reminded when and how to report suspicious activity. Confirm that resources (including third party service providers) remain in place to quickly assist with mitigation and recovery efforts.
Cybersecurity is not top of mind for most organizations during these unprecedented times — a fact unfortunately known to opportunistic cybercriminals and other bad actors. Nonetheless, budgeting a little time and energy to ensuring a secure remote work environment is a well-spent resource, and could help avoid adding another problem to an already stressed environment.
We wish you all well, and look forward to returning to some semblance of normalcy.
For more information regarding this post, please contact Brian Balow.
For information regarding Dykema’s Privacy and Data Security Team, please contact Cindy Motley.
To sign up for Dykema’s Privacy and Data Security Blog e-mail updates, please click here.
As part of our service to you, we regularly compile short reports on new and interesting developments and the issues the developments raise. Please recognize that these reports do not constitute legal advice and that we do not attempt to cover all such developments. Rules of certain state supreme courts may consider this advertising and require us to advise you of such designation. Your comments are always welcome. ©2020 Dykema Gossett PLLC.