Due to Coronavirus (COVID-19), This Month in Cyber Security was different than any other we have done before. During these challenging times, we understand businesses are under high levels of stress. So we focused our discussion on threats that directly relate to remote workers and the challenges of business continuity. This month’s topics included: the security of home networks & authentication, conference call security, and increased exposure to scams, threats & viruses.
Managing Home Networks & Authentication
Prior to Illinois’ shelter-in-place order, for many small and medium-sized organizations managing remote access was limited in scope. However, now that most businesses are 75% to 100% remote, endpoint management is critical. With remote work, several elements are outside of the control of the IT department, including the employee’s home network. Here are a few key questions to think about:
- Is your organization using NextGen firewalls with an Intrusion Prevention System (IPS)?
- What programs are you running that are critical to your business?
- How are you managing your anti-virus and patching updates?
- How are your employees connecting to your network?
- How are employees securing their own home networks?
Once you have the answers to these questions, we encourage the use of multi-factor authentication (MFA) to provide an additional layer of security. With proper guidance, turning on MFA can reduce your risk of breach significantly. If you have more questions regarding MFA, be sure to register or our weekly workshops, here.
Now that schools and businesses alike are nearly 100% virtual, conference calls and video conferences are becoming a more prominent target for hackers. In the latest news, “Zoom-bombing” has become a major threat. This refers to hackers breaking into unprotected calls and video conferences. When the hacker infiltrates the meeting, they remain anonymous and begin to shout profanities, hate speech, and in the worst cases, they will display explicit photos. To date, this threat has been more common in virtual classrooms, however, this still poses a threat to businesses.
For businesses, the threat of uninvited meeting attendees extends to the theft of sensitive information regarding your organization and personal information from presenters and attendees. Information such as first name, last name, email, phone numbers, and addresses. The easiest way to secure your conference calls is to make meetings invite-only and password protected. This will help raise the barrier of entry for compromising a meeting. Read the full story here.
Scams, Threats, & Viruses
As news related to the COVID-19 virus breaks on a daily basis, users are constantly looking for ways to stay informed. Unfortunately, hackers are fully aware of this and have created thousands of websites designed to scam users. One of the most frequently used examples leverages the Johns Hopkins’ map of known cases (below). Johns Hopkins has provided the code for other legitimate websites to embed this map on their site, however, hackers have taken advantage. They have designed websites that feature the legitimate map and appear trustworthy, however on the back end, visitor machines are being infected with malware. You can read more about the story here.
Still have questions? You can download the slide deck here! If you are ready to get started on protecting your remote workers and network, reach out to us at firstname.lastname@example.org or give us a call at: 630.832.0075. We are happy to help!
Watch the short snippet below, or watch the full recording here.