Overview/Introduction
This is definitely interesting times we are in. I suspect if I polled staff prior to March 16th, most would not have even contemplated doing their job from home. Nonetheless, current events have forced the majority of our workforce to do just that. As we adjust to our new environment, we must be hypervigilant to the security of our data and our surroundings.
Details
Current Situation:
- 92% of malware is delivered by email
- 95% of attacks on business networks result from successful phishing emails
- The average cost of a successful phishing attack to a mid-sized business is $1.6m
Worldwide, there has been a double-digit percentage increase in phishing attacks.
- These phishing emails are coming disguised as emails from both the CDC and WHO requesting you click links with the message for more detail around current situation
- There also coming in looking like legitimate emails from employers with likes to policies and procedures.
Make sure you know who the sender is and that you are expecting the message before clicking any links. Better yet, avoid clicking any links all together. One tell-tail sign of a bad actor is poor grammar or spelling. Regardless how legitimate these messages look, they almost always include serious grammatical errors in them.
Avoid any tracking programs unless you know where they are coming from and confirm they are legitimate. If you are looking at applications from known reputable sites like Johns Hopkins, make sure the links take you to their site.
Cell phones are not immune to scammers…. There are a number of apps in both the Apple and Android stores that can lock or encrypt phones. Be diligent to confirm legitimacy.
Some things to be aware of…
- Remote Support scams
- Calls from unfamiliar support staff
- Self Help websites
- Using personal emails and cloud services for company business
- We have a number of services in place to facilitate access to files and applications without having staff use personal accounts. If you need assistance, please speak with your manager/supervisor/director for help
- Insecure Home Networks and Wi-Fi access
- As we rely more on our home networks, we need to ensure access is password protected and that the password has been changed from the default. Your Internet Service Provider should be able to help with this.
- Public Wi-Fi
- If at all possible, you should avoid “free” Wi-Fi at your local coffee shop or restaurant. Shouldn’t be a problem in our current lockdown state but even when things return to normal… these are services that have little to no security allowing bad actors access to personal and professional data.
- You also want to observe and know your surroundings. Who’s around you and are you reading any data that you would not publicly share. People are naturally curious and may try to read your screen over your shoulder.
- Home Computers
- Make sure your home systems has the latest updates and is running the latest version of your operating system.
- Make sure you have an active antivirus/antimalware application running on your PC/Laptop and it has the latest updates
- Privacy and Confidentiality
- Most of us do not own shredders so it’s a very good idea to not print any confidential information at home
- Avoid moving any data to flash drives, USB drives, or other types of portable storage devices
Summary
- We are in a time of rapid change – if we heighten our awareness of our practices and our surroundings we can get through this.
- Cyber Threat Vector has increased exponentially – Make sure your personal devices are updated, running the latest version of the operating system and your antivirus/antimalware applications are functioning and updated
- Communicate – keep in constant contact with your staff… offer guidance and support. Make sure they have the tools they need and help them to get those tools.
- Human Firewall – Increased awareness will be the key to ensuring no bad actors are given the opportunity to exploit the museum or you personally
- Utilize available technology to communicate – we have a number of different tools that can be used to communicate with staff, don’t be afraid to use them.