The coronavirus pandemic has made networks more lucrative and vulnerable to cyberattacks than ever before. Employers should know the risk.
Sampath Sowmyanarayan, president of global enterprise for Verizon Business Group, recently compared the increasing prevalence of cyberattacks against businesses across the country to building a moat around a castle.
With more employees working from home, people’s home computers can pose as much security risk to their company as its home server.
“When employees aren’t working from a centralized office space, it’s even harder to identify where the ‘castle’ is,” says Sowmyanarayan.
Online crimes reported to the Federal Bureau of Investigation have increased by 400% since the onset of the coronavirus pandemic, according to a senior cybersecurity official at a webinar hosted by the Aspen Institute.
Wayne Machuca, lead instructor for Mt. Hood Community College’s cybersecurity program, explains the increased number of employees working from home and repeated use of online video conferencing platforms such as Zoom, make attacking personal computers easier.
Employees tend to be more careless about cybersecurity on their home computers, making saved logins and passwords easier for hackers to obtain.
RELATED SORY: Data Risk
Zoom gained popularity very quickly and the number of users on calls make it easy for hackers to slip into calls undetected. “Zoom did not have a contingency plan for such massive success. I would be cautious to say anything over Zoom that I wouldn’t be willing to say out loud in a coffee shop,” says Machuca.
In addition to training about what sorts of email employees should and should not open, one of the most important ways businesses can head off cyberattacks and ransomware is to make sure software patches are up to date.
“When a patch comes out for a program, not everyone updates it right away. Hackers will look at the patch, see what the patch fixed and learn where the old versions are vulnerable,” says Machuca. “Hackers will reverse-engineer the patch. People have to be double vigilant. ”
He also cautions that ransomware attacks, in which hackers shut down a system until a demand is met, are counteracted better when data are backed up on an external hard drive.
“My advice is back-up back-up back-up. If you haven’t backed-up your data, back it up tonight, and don’t keep the external drive in the same bag as your computer.”
According to cybersecurity company Trend Micro, malicious email campaign claiming to be from the Centers for Disease Control and Prevention about COVID-19 advice have been reported by the Federal Bureau of Investigation.
The FBI has also warned against phishing attempts from hackers claiming to be from the Internal Revenue Service, regarding stimulus checks and small business loan application. Large successful cyberattacks, such as the recent hack of New York-based law firm Grubman Shire Meiselas & Sacks, increases hacker activity everywhere.
“Security risks know no borders,” says Erik Moser, head of issues and crisis for the Pacific Northwest at public relations firm Edelman. “There are different rules in different places but attackers don’t follow them.”
He recommends employers know a good law firm with a cybersecurity speciality because being hacked has legal implications if consumer data are breached. He also recommends knowing a data forensics team to figure out what data has been affected.
“It’s important you have a response in place. We like to say that when it comes to cyberattacks, you should treat it as ‘when’ not ‘if.’”
To subscribe to Oregon Business, click here.