
Thoughts on Cyber Security from IIA of IL Tech Guru

First and foremost, the drama of COVID-19 in modern society IS being taken advantage of by “hackers.” They are trusting that we’ll be distracted and caught off guard by current events.

This is commonly manifested in the following ways:

Social Engineering: I’m referring to the fake telephone calls from “Microsoft” or the “Social Security Administration” or “FedEx” or “UPS” or even pretending to be your IT Support department/provider. These calls are commonly used to either gain direct access to computer systems by talking end users into remote control sessions or by “fishing” for enough detail to deduce passwords to use to gain entry to cloud systems.

“Phishing” Emails: There has been an uptick in the volume of fake emails mentioning Support for COVID-19, Hospital Officials, delinquent invoices, etc. Many of these include either links to malware or direct attachments.

“Spear-Phishing” Emails: This is a targeted type of Phishing, commonly sent to specific users and tailored to the recipient or their job function. For example, sending payment requests to Accounting while pretending to be from the CEO/CFO, etc.

“Display Name Spoofing”: Emails like this have the Display Name set to be someone in your organization, but are sent from a random email address. For example, From: “Phil Lackman” <duckhunter76@gmail.com>. These are pretty easy to spot because the email address typically has no relation to the Display Name of the sender.

Misspelled Domain Names: Close misspellings of common domain names are also being created to help lend legitimacy to the “Phishing” emails of all types. For example, they may use @yhoo.com instead of @yahoo.com.
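The two checks described above (a colleague's display name on an outside address, and a sender domain that is a near-miss of a familiar one), as an added example that is not part of the original article. The organization domain example.com, the staff list and the known-domain list are assumptions made for the example.

```python
from email.utils import parseaddr

# Assumptions for this example (not from the article): the organization's
# own domain, its staff directory, and the list of domains worth protecting.
ORG_DOMAIN = "example.com"
STAFF_NAMES = {"phil lackman"}
KNOWN_DOMAINS = {"yahoo.com", "gmail.com", "example.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_from_header(from_header: str) -> list:
    """Return the warning flags raised by one From: header value."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    flags = []
    # Display name claims a colleague, but the address is outside the org.
    if " ".join(name.lower().split()) in STAFF_NAMES and domain != ORG_DOMAIN:
        flags.append("display-name-spoof")
    # Domain is one or two edits away from a known domain, but not equal to it.
    if domain and domain not in KNOWN_DOMAINS:
        near = [d for d in KNOWN_DOMAINS if edit_distance(domain, d) <= 2]
        if near:
            flags.append("lookalike-domain:" + sorted(near)[0])
    return flags


if __name__ == "__main__":
    # Constructed sample headers; the first two mirror the article's examples.
    for header in ('"Phil Lackman" <duckhunter76@gmail.com>',
                   "Billing <invoices@yhoo.com>",
                   '"Phil Lackman" <phil.lackman@example.com>'):
        print(header, "->", check_from_header(header) or "ok")
```

A two-edit threshold will also match some legitimate short domains, so treat a lookalike flag as a prompt to verify the sender rather than as proof of fraud.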

By Nathan Boyd

Not Only Targeted at Businesses: These examples carry over into your personal lives as well. NEVER let your guard down; always listen to the voice in the back of your mind. When in doubt, always ask someone else for a second opinion.

Advice for Small Businesses

1. Be skeptical about every bit of communication you receive, especially if you are not expecting it, until you can authenticate or verify the sender/caller. Your mind and vigilance are far more effective than any software or hardware tool available.

2. Look carefully at unexpected emails. If it’s fraudulent, there will almost always be a clue in the email, typically either in the sender Display Name/email address or in a link they want you to click on. Grammar mistakes are also common giveaways.

3. Make sure your End User systems and Servers are updated. Several security exploits have come to light in the last six months that are beginning to be used in attacks. Many of these have been patched by recent updates.

4. Engage your IT Support for additional suggestions

Final Thoughts

Please understand that with the K-12 schools out, Colleges and Universities closed, and employees being sent to work from home in record numbers, your home Wi-Fi, your internet connection, and the national/global internet infrastructure are under incredible load.

In the coming days, you and everyone else WILL have some random hiccups in either working remotely or using cloud-based tools. These hiccups should not be showstoppers unless they become consistent. Contact your IT Support for specific guidelines.
