
Cyberattacks Are On The Rise, Mirroring The Rise In Work From Home Assignments

Posted 9/30/2020

By R. Bruce Wright, CPCU

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a formal advisory in response to the recent surge in cyberattacks, after finding a 400% increase in cyberattack reports during the first six months of the COVID-19 pandemic.

To see that alert, use this URL:

http://www.documentcloud.org/documents/7041919-Cyber-Criminals-Take-Advantage-of-Increased.html.

The growth of distributed work environments, aka WFH or “work from home” locations, which are typically sites with limited controls and monitoring, has led to the increase. If you have employees working remotely, you should make sure you have taken some basic steps to protect your data.

  1. Secure your network at all access points, such as computers, tablets, and mobile devices   
  2. Provide for protected off-site data backup 
  3. Make sure all remote users are fully trained in how to spot and stop “human engineering” attacks such as phishing, voice phishing (vishing), and malware click bait.

“Hackers don't break in, they log in.” That mantra, used by cyber security experts, reflects reality — the vast majority of cyber security breaches are the result of stolen or scammed passwords, and not the use of high-tech hacking tools. Cyberattacks typically start with a simple email or phone call. Phishing scams, calls or emails in which attackers pose as a trustworthy party to trick people into handing over personal details or account information, are now the most common type of internet crime, according to recent FBI reports.

As phishing becomes more profitable, hackers are becoming increasingly sophisticated in the methods they use to steal passwords. Sophisticated criminals are now creating their own fake domains using very real looking company logos, addresses, and credentials to scam unsuspecting employees into providing log on IDs and passwords. They can go so far as to have “spoofed” or phony 2-part authentication systems to convince the victims that they are in fact part of an official company security system.

So, what can you do to protect yourself and your company? If you are allowing more people to work from home, this is the time to build their awareness of the threat. Start by training your own “human capital” to spot attacks. Training employees to recognize and report suspicious emails and activities can build a “human firewall” that can prevent or limit any damage to your business and clients. Here are a few basic tips to share:

  • Be alert to any and all emails asking users to open attachments or click links. Anti-malware and anti-phishing programming solutions can help screen malicious emails and payloads from your email addresses, but even with such protections in place, caution should always be your watchword; no automatic solution can catch everything.
  • Beware of any communications claiming to be from sources that you normally would not receive emails from. These are likely to be phishing efforts. For example, receiving coronavirus-related emails from legitimate distribution lists is fairly common, but emails from organizations that you do not regularly receive messages from should be scrutinized closely. The CDC is not going to be sending out emails to anyone who doesn’t regularly receive emails from them already.
  • Be vigilant even with emails from organizations you regularly communicate with. Brand impersonation is quite prevalent in email attacks, so use caution opening emails even from organizations you might expect to hear from. Never click on a link with an “executable” attachment file.
  • Finally, don’t fall for charitable appeal scams. A common tactic for scams is asking for donations to help victims of the COVID-19 pandemic or some other dread disease. To avoid falling victim to one of these attacks, don’t respond to email requests for donations. Instead of responding, choose credible charities and donate directly. Opt to give directly to a known recipient of your choice to ensure that your money goes where you intend, rather than into the hands of scammers. And, of course, any request for a donation using Bitcoin should be a red flag warning — Scam, Scam, Scam!