Amid this global health crisis caused by the spread of COVID-19, it is vital to realize that the coronavirus is not the only threat out there that we need to be actively protecting ourselves against. The massive surge of people working from home has introduced ample opportunity for fraudsters to hack into secure devices and networks, exposing private information and exploiting vulnerable individuals and businesses. A cyber attack has the potential to financially devastate those who fall victim, so it is absolutely imperative to be informed and prepared should you come up against a situation in which you or your business has been hacked. For additional information on Cyber Insurance, check out our Cyber Liability Insurance page.
RECENT METHODS OF ATTACK
Unfortunately, the pandemic has inspired cyber cretons to profit off of global fear. The number of phishing and scam websites that are currently active online and themed around the coronavirus pandemic are estimated to be growing by the thousands every day. In fact, it has been said that the number of cyber attacks relating to the coronavirus so far has possibly been the largest number ever recognized revolving around a single theme.
Several domain names have been registered under the guise of coronavirus keywords and they can be used to infect users with malware. Hackers have been able to hijack Domain Name System settings so that while a user is on the internet, the web browser displays an alert for a bogus COVID-19 information app, claiming to be produced by the World Health Organization. If a user is tricked into clicking on the alert and the app is launched, the malware attempts to steal the following information from the user’s PC:
- Browser cookies
- Browser history
- Browser payment information
- Saved log in credentials
- Cryptocurrency wallets
- Text files
- Browser form autofill information
- 2FA authenticator databases
- A screenshot of your desktop at the time of infection
The digital perpetrator will not leave any valuable information untouched.
Cyber criminals are even going as far as targeting places like hospitals and exploiting them with the installation of ransomware. The expectation is that the urgent need for system functionality will push administrators to quickly pay the ransom demanded.
From corporations and mom-and-pop businesses to strikes on individuals, no one is exempt from these types of attacks. However, knowledge is the best form of armor, and if you know what to look for, you will be able to put up a strong defense against these types of cyber torpedoes.
CYBER RISKS AND WHAT CLUES TO LOOK FOR
The three major cyber risks that individuals and businesses should be aware of right now are social engineering, phishing, and ransomware.
Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. This form of deception has many faces, but it usually takes place by way of phishing emails or phone calls.
Phishing is the fraudulent practice of sending emails to be from reputable companies in order to encourage individuals to reveal personal information such as account details, passwords, and credit card numbers. To spot a phishing email, keep your eyes peeled for the following clues:
- Sender email address-if it looks wonky with strange punctuation, random letters and numbers, or the email address just doesn’t look familiar, it may be falsified.
- Destination email address
- Urgent or time sensitive response requested
- Embedded links or attachments
- Asking for confidential information
- Asking for payment information
If you receive an email requesting you to click on a link to reset your password, verify your account or enter banking information – MAKE SURE you requested this communication first before you click or enter anything. Many businesses and institutions have strict rules about how they digitally communicate with you and will openly publish the fact that they will never ask you for personal or account information via email.
Ransomware is a malware that infects computers and restricts their access to files, often threatening permanent data destruction unless a ransom is paid. This is currently the fastest growing form of cyber crime because the culprit will attain their wealth quickly and with little hassle.
How a ransomware attack transpires:
- The intruder will send an email containing a link or file that the user clicks on
- Once the link or file is clicked, the ransomware will seep into the workstation
- The ransomware will then encrypt the user and shared network data so that the data cannot be accessed by the organization until the demanded ransom is paid
- Once the ransom is paid, the intruder can choose to unlock the data for the organization to access, however this is not always guaranteed.
To mitigate the risk of a cyber infection, be extra vigilant when riffling through emails and answering phone calls. Never give out personal or business information and do not engage with links or files that you are unfamiliar with. Most importantly, make sure that you have protection in place and a plan of action should you discover that your network has been invaded.
No one person or business wants to subject themselves to the inevitable clobbering that a cyber-attack would impose, so the best thing that you and your business can do to avoid such a situation is to be proactive and make sure that you have implemented a form of digital protection.
5 Easy Steps to Securing Your Home Office
Since most of us are currently working from home, it makes for a great starting point. Your home office should be prioritized when streamlining your defense against possible cyber onslaught. Follow these 5 easy steps to secure your WFH devices!
Invest in Cyber Insurance
Choose a cyber insurance provider that offers premium coverage. Here at Camargo, we recommend industry leader Evolve MGA. Evolve offers a 24/7 cyber incident response team that will provide you with immediate assistance if your network has been breached. With every Evolve policy, you will also benefit from CyberRiskAware-a free risk management tool that allows the user to create fake phishing email campaigns that get sent out to staff members. When a staff member opens up the email and clicks on a phishing link, they will be prompted to watch an educational video about phishing email awareness. Human error is currently the highest cause of cyber related claims, so training tools like CyberRiskAware are proven to be imperative.
For more information, Camargo has access to industry leader Evolve MGA for customized Cyber Insurance for your businesses needs. Connect with us to get a free risk assessment and fast quote to protect your business.
Multifactor Authentication, otherwise known as MFA or 2FA is one of the most successful methods used to block a digital enemy. Some of the most complex attacks begin when a network is breached and a hacker gains access to email accounts, allowing them to obtain a better sense of how the business interacts. The hacker then has the ability to create an email themselves that looks incredibly similar to an email one may receive from an employee, senior officer, etc, and can easily dupe an individual into giving out private information.
MFA is recommended when logging into email accounts or applications that require a user ID and password. It will send a text or alert to the user’s cell phone containing an authorization code that is used to confirm who the person is that is logging into the account.
Be sure to enable MFA on all of your online accounts which offer this security measure. Examples of accounts that are secured with MFA protocols are typically cloud-based software like QuickBooks Online, email servers like Gmail and banking or investment portals.
Call Back Procedure
A call back procedure is one of the most impactful practices that a business can implement, especially if you are a business that works with the transferring of funds. Before processing any wire transfer or ACH, call the source that is requesting the funds directly to confirm that all of the information is correct and that they are expecting a deposit. Do not obtain the telephone number from the email or the letter that is requesting the funds-find the phone number through an internal source or a web search that you conduct yourself.
This type of protection is applicable in any industry but is especially useful if your business is required to transfer amounts of money over a certain threshold. It is always a good idea to have two or more people review and sign off on large monetary transfers (preferably senior employees) before further action is taken.
Additional Forms of Protection
- Use a password manager like LastPass to generate and store unique, intricate passwords and NEVER use the same password twice.
- Use a passcode lock on your electronic devices
- Turn on automatic system updates on your electronic devices
- Make sure your desktop web browser utilizes automatic security updates
- Do not share credentials or permissions for any network or cloud accounts
- Store all corporate data in designated locations
- Be aware of malicious websites, links, and files
Cyber protection is essential to individual and business security in today’s workforce climate. Take some time to get familiar with your digital security obligations while you’re working from home and you’ll have an impenetrable shield to safeguard your information and your investments. Camargo Insurance has dedicated agents who can assist you in properly assessing your risk and getting the right protection in place, chat with us to discuss next steps!