Here’s how you can protect your business as cybercrime soars 62% in the pandemic

Tips for companies and individuals to be more cyber secure

• Require employee passwords be long passphrases or use password manager programs. Use multi-factor authentication. Screen passphrases against lists of weak and compromised passwords.

• Look into the apps, services, and technology to identify who’s really providing the service. Ask about their physical and cybersecurity practices. Track what data you’re sharing, and ask who can access it.

• To protect your router—which is the gateway between your network and the internet—change the default password, apply patches regularly or automatically, choose your network name carefully, and use at least WPA2 for encryption.

• When using open/public Wi-Fi, access the Wi-Fi via a VPN. Only visit internet sites that use HTTPS, don’t let your device automatically connect to available networks, and turn off your device’s Wi-Fi connections when you don’t need to use them. Don’t do your banking and shopping transactions on open/public Wi-Fi.

• Keep your systems patched, ideally with automatic updates; set effective rules for your firewalls; and install anti-virus software with regular or automatic updates.

• Web browsers are how your devices access the Internet, so adjust your browser settings—and the settings on your mobile devices—to maximize your privacy and security.

• Develop a cyber incident response team and plan so your organization is prepared for a potential cyber incident. Your plan should include the three components of an incident response team: technical, legal, and managerial. Identify a backup way for your team to communicate without relying on your computer network.

Source: FBI

Cyber criminals are taking advantage of more employees working from home, fostering schemes they hope lead them to company secrets, recent data from the FBI and a regional North Bay tech firm show.

The “sudden shift in our personal and professional lives online due to the COVID-19” is driving recent cybercrime activity, FBI Director Christopher Wray told the North Bay Business Journal in a statement.

In searching for vaccine information, the status of stimulus checks and other pandemic information, home workers have also shown a willingness to open fraudulent emails, which in turn open cyber doors that give thieves access to employer information.

“Business email compromise schemes continued to be the costliest: 19,369 complaints with an adjusted loss of approximately $1.8 billion. Phishing scams were also prominent: 241,342 complaints, with adjusted losses of over $54 million. The number of ransomware incidents also continues to rise, with 2,474 incidents reported in 2020,” according to the FBI’s 2020 Internet Crime Report.

Internet crime complaints tallied by the FBI in 2019 were 467,361, while in 2020 that number increased to 791,790. Last year’s losses exceeded $4.1 billion.

The FBI’s Internet Crime Complaint Center in 2020 received more than 28,500 complaints related solely to COVID-19, with fraudsters targeting businesses and individuals.

Phishing is when a criminal sends an email to someone that looks legitimate, like it’s from a person or business they know. Just opening the email is not likely to be detrimental. It’s when links in the fraudulent email are clicked that bad things, like the installation of malware on company servers, are more likely to occur.

Keysight Technologies found that phishing attacks throughout the world increased by 62% in 2020 compared to 2019. The Santa Rosa-headquartered company, with its Hewlett-Packard and Agilent lineage, has nearly 12,600 employees, with customers in more than 100 countries.

“In fact, there was rapid increase in these attacks when the pandemic took center stage in March and April as social engineering attacks were related to the pandemic,” the company said in a statement.

Scott Register, vice president of security solutions for Keysight, said, “Cyber criminals leveraged phishing, ransomware and supply chain vector attacks to strike networks for financial gain. We believe that these network security trends will continue in 2021.”

A high-profile example of a ransomware attack and its impact is the forced shutdown of the Colonial Pipeline, a major pipeline in the U.S. that supplies 45% of all fuel consumed on the East Coast, after a cyberattack late last week.

But closer-to-home examples of ransomware attacks include Sonoma Valley Hospital in October 2020 and a 2019 attack that resulted in the loss of days of patient records at Marin Community Clinics.

Kevin Kiesel, director of internet technology services for KLH Consulting in Santa Rosa, said what the criminals want are passwords and usernames, or “credentials” as they’re known in the industry. Because people often use the same password, this makes it easier for criminals to gain access to a company’s financial systems.

“A lot of times these people are in your mail for days, weeks, months and you might never know it,” Kiesel said. “Sometimes they set up rules in your mailbox to auto-forward messages to another email and you don’t see them.” These could be emails that have financial related words in them like invoice or payment.
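Mailbox rules like the ones described above can be reviewed from an export of each user's inbox rules. The sketch below is an added example, not part of the original article: it flags rules that forward outside the organization, trigger on financial terms, or hide the original message. The rule fields, addresses, and folder list are hypothetical assumptions.

```python
# Added example. The rule fields are a hypothetical export schema, not a real mail API.
FINANCIAL_TERMS = {"invoice", "payment", "wire", "remittance", "payroll"}
# Assumption: folders a mailbox owner rarely opens; tune for your environment.
RARELY_OPENED = {"rss feeds", "rss subscriptions", "conversation history"}

def domain_of(address):
    return address.rsplit("@", 1)[-1].strip().lower()

def audit_rule(rule, org_domains):
    """Return the reasons a single inbox rule deserves review (empty list if none)."""
    reasons = []
    targets = rule.get("forward_to", []) + rule.get("redirect_to", [])
    external = sorted(t for t in targets if domain_of(t) not in org_domains)
    if external:
        reasons.append("forwards outside the organization: " + ", ".join(external))
    hits = sorted(FINANCIAL_TERMS & {k.lower() for k in rule.get("keywords", [])})
    if hits:
        reasons.append("triggers on financial terms: " + ", ".join(hits))
    folder = (rule.get("move_to_folder") or "").lower()
    if rule.get("delete") or folder in RARELY_OPENED:
        reasons.append("hides the original message from the mailbox owner")
    return reasons

def audit_rules(rules, org_domains):
    """Report rules that forward externally, or that combine two other signals."""
    org = {d.lower() for d in org_domains}
    findings = []
    for rule in rules:
        reasons = audit_rule(rule, org)
        forwards_out = any(r.startswith("forwards outside") for r in reasons)
        if forwards_out or len(reasons) >= 2:
            findings.append((rule["mailbox"], rule["name"], reasons))
    return sorted(findings, key=lambda f: -len(f[2]))  # most signals first

# Constructed sample data for illustration only.
SAMPLE_RULES = [
    {"mailbox": "hr@example.com", "name": "Copy to assistant",
     "forward_to": ["assistant@example.com"]},
    {"mailbox": "sales@example.com", "name": "Personal copy",
     "forward_to": ["me@example.org"]},
    {"mailbox": "ap@example.com", "name": ".", "keywords": ["Invoice", "payment"],
     "forward_to": ["archive@example.net"], "delete": True},
    {"mailbox": "ceo@example.com", "name": "News", "keywords": ["newsletter"],
     "move_to_folder": "Newsletters"},
]

if __name__ == "__main__":
    for mailbox, name, reasons in audit_rules(SAMPLE_RULES, ["example.com"]):
        print(mailbox, repr(name), "; ".join(reasons), sep=" | ")
```

A rule that forwards to an outside address is reported on its own; rules combining several signals sort to the top of the review list.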

He said smaller companies are more likely to be victims than larger ones because they often lack the resources to defend against cybercrimes.

KLH Consulting, which has been in business for more than 40 years with clients across the country, is a proponent of multi-factor authentication, something Microsoft 365 now requires. With multi-factor authentication, the user has to present two items to get into a system. It could be a regular password and then a code sent to their cell phone.

While his company has seen an increase in cybercrime in the last year, Kiesel said the best deterrent is better education.

“This is most commonly done through phish training. Send something out to them to try to catch them. When they do open it, then educate them about what to look for,” Kiesel said.
