At NISC, we see our Members as not only our Member-Owners but also part of our IT cooperative community. In regard to cybersecurity, an educated community is a safer community. We want to help you all achieve a secure workplace – whether in your physical building or in your employees’ homes. Here are the top five threats we are seeing during this pandemic and pointers on how to reduce the threat.
Social Distancing, Not Social Engineering
In today’s cyberworld, everything is fair game, even your employees. Cybercriminals will go to extreme lengths to trick your employees into opening a hole in your network for them. Now with the coronavirus pandemic, the opportunities for social engineering trickery have increased. With unemployment and stimulus payments being deposited, thieves leverage these hot topics to lure in those unsuspecting victims. Everything from emails with malicious malware embedded to exploit your critical business data, to spam mimicking a legitimate financial institution to trick recipients into giving up their login credentials, the cybercrime tactics evolve where they see a weakness. During times of uncertainty, it’s human nature that the numerous distractions cause our guards to go down. Train your employees to identify signs of a potential phishing campaign and remind them the risk is even greater right now. Is the spelling correct? Does the sender match the email address? Am I expecting this email? Does the email want me to click on or download something? Who should I contact if I see something malicious? When in doubt, follow up before opening up.
Remote Collaboration Concerns
It is hard to replace face to face communication. Fortunately, technology is helping bridge this disconnect. From emails to instant messaging to video conferences, it is imperative we all ensure the collaboration tools we use are secure. One growing platform for meetings is Zoom. Only as it has become more widely used has their security and privacy issues surfaced, such as lack of encryption end to end. The majority of the concerns have been or will be addressed soon. One concern to keep an eye on is a phenomenon called Zoombombing, an event when someone who was not invited to the meeting joins the video conference to shout vulgar comments or share offensive imagery. The attack could simply be from someone guessing a random meeting ID code or finding a meeting link in the public domain. One simple resolution is to password protect meetings and only allow the meeting host to share their screen.
Protect the Virtual Branch of Your Organization – Your Employees’ Homes
Moving staff to a home office has security concerns of its own. And with many now working virtually, securing all assets is critical. It can be something as simple as ensuring employees are locking their computer when they step away or requiring their home networks are secured with a password. It is best to clearly list expectations for the staff as security comes more naturally to some than others. Make it be known what is expected of all staff: A secure WiFi connection, locking their computers when not in use, properly filing physical papers and safely storing work files and documents. The key here is to protect the valuable data – And effective communication of rules and standards will help you do so.
Updating is Not an Option
Now is a good time to ensure you are running the latest and greatest patches. Be sure that firewalls, laptops, desktops, email, mobile devices, printers, etc. all have the latest patches and updates applied. This affects those devices in the office as well as the home office. Staying up to date effectively closes the weaknesses that cybercriminals are exploiting.
Understanding the Scope of PCI Compliance
In light of the current COVID-19 pandemic and urgency to setup employee offices at home for the foreseeable future, it is imperative no one lets their guard down. When we move employees to an untrusted place, such as a home office, we must either fortify the new location or leave what would otherwise be vulnerable services within the trusted environment. With PCI compliance, that is every bit the case.
Fortunately, NISC’s e-commerce solutions allow customers to make payments to those avenues without compromising your PCI compliance or their cardholder data (CHD). Directing customers to these solutions maintains continuity with already-in-place solutions and does not require you to compromise your PCI compliance or put extra strain on employees or your network. Click here to read NISC’s COVID-19 PCI Compliance blog.
The NISC Cybersecurity Services Team is always here to help. Simply send us an email to cybersecurity@nisc.coop.