What do COVID-19 and your Cyber Security have in common? Microsoft recently revealed that its team of security experts had identified two new large phishing campaigns that claim to include critical COVID-19 info. These messages began to show up in mid-May and leveraged a variety of different email attachments to tempt users into installing remote access tools on their PCs.
They claimed to have come from the John Hopkins Center with subject lines like “WHO COVID-19 SITUATION REPORT”. The emails appear legitimate and, when opened, a visual chart of COVID-19 cases in the United States pops up giving an even more legitimate appearance to the emails. The provided link, once clicked, prompts a security warning requesting permission to run embedded macros in the attached MS Excel file.
If the security warning is allowed, a remote access tool called “NetSupport Manager” is then installed. But instead of reaching out to helpful IT resources, these illicit tools connect the user to servers set up by hackers who then remotely run commands to attack compromised computers on the network.
Other recent phishing campaigns that capitalize on current events claim to offer “personal coronavirus checks” which instead install TrickBot, a virus that attacks protected user information and become a bridge to ransomware attacks. And with hurricane season now getting started here in the Southeastern U.S. and COVID-19 again on the rise, The Cyber security and Infrastructure Security Agency (CISA) has warned users to use caution with unfamiliar emails, social media, and text messages targeting disaster relief and charitable donations.
Why is it so important to protect your information?
If these phishing campaigns are successful, yours and your company’s critical personal and business data can be at risk. In another recent discovery, security experts revealed that a known international ransomware group had created an auction site to sell their victims’ stolen information to the highest bidder! These ploys can affect both small and large companies as the first auction listings included stolen data from a mid-sized U.S. based food distributor and a major Canadian agricultural conglomerate. In May, these same cybercriminals published company data from an international law firm and threatened to sell the private legal documents of celebrities such as Madonna.
So how can you keep your company’s data safe?
1) Implement 24/7 Monitoring Services to detect threats before they are acted upon
Preemptive threat response has become more of a focus among IT departments. Whether the intention is to steal data for financial gain or disrupt your network and systems, identifying threats before they are acted upon is the primary goal here. With our FREE 24/7 monitoring and maintenance solutions, User Friendly Technology Services scans our clients networks and individual machines searching for any risks or vulnerabilities and we are alerted to those immediately so that we are able to work with our clients to address these threats before they impact your business.
2) Install and Maintain up to date Anti-Virus, Anti-Spam, Anti-Malware and other Security Tools
If 24/7 monitoring is the first line of defense in cyber security, anti-malware helps to arrest software attacks initiated by malicious links and infected online ads. Anti-spam recognizes and identifies email-based attacks and DNS filtering tools expand your security to keep more sophisticated attacks from penetrating your network security firewall.. While no set of preemptive tools can provide an impenetrable firewall for any company, User Friendly helps our clients set up the necessary array of tools to protect your small business from being an easy target, which is almost always enough to send cyber criminals looking for easier targets.
3) Work with your IT partner to maintain and install updates on Security Tools
Many ransomware strains target vulnerabilities in outdated softwares. For this reason security patches and software updates are extremely important. But often times installing those updates can be confusing or a distraction from present work. This often results in users neglecting important downloads, installing unnecessary or unmonitored patches, or unknowingly causing major problems by clicking the wrong “Install Now” button. By working with a trained and professional IT partner, your business can stay ahead of cyber security threats by monitoring and managing your systems, preemptively fixing latent problems and only installing patches and updates at a safe and convenient time for the business.
4) Be aware and alert team members on the threats of Phishing Emails
Trained, vigilant employees often serve as the first line of defense against phishing and ransomware attempts. Educate your employees to be conscious of and skeptical of unusual email messages, particularly those from unrecognized senders. Let them know to NEVER open an attachment or click a link within an email if you weren’t expecting it or see anything suspicious. Let them know to hover the cursor over website links to look for legitimate URLs. If they see a string of random characters or unrecognized addresses that should be an immediate red flag to alert your IT team. If they see anything suspicious or unusual, they should double check the email header, subject lines, and email body for any errors and of course ask their IT professional to look it over. Phishing emails often impersonate real email accounts with slight differences and copy or modify common verbiage to appear legitimate.
5) Train Employees/Establish Procedures
Investing in training early and often can be the difference between security and crisis for your business. Introduce cyber security education into employee onboarding and provide annual refreshers to keep employees updated on current phishing tactics. Depending upon the complexity of your business and the size of your team, training might include evolving cyber crime tactics, phishing examples and strategies, password security protocols, email and social media standards, remote access and work from home rules and incident response procedures. Ask User Friendly or your IT provider about developing a plan to get ahead of cyber threats and how to deal with them if they happen by training your staff in advance.
6) Establish data backup strategies
Creating automatic nightly backups of your important business data is one of the most critical security measures for any business. Free internet-based solutions (i.e. Google Drive or DropBox) and local hard drive backups aren’t sufficient—look to your IT provider to recommend professional grade local and cloud data backup solutions that at worst make it very difficult to fall victim to phishing or ransomware attacks and data loss, and at best put your business in a position where anything that does happen allows you to quickly and painlessly retrieve any important data that might be lost.
At User Friendly Technology, we work with each and every client to establish crucial security and data protection protocols that allow them to rest secure knowing that their data is safe. And our Free Monitoring and Maintenance services keep us ahead of cyber threats to your network so that your small business can enjoy the security and protection of a large corporation. Talk to us today about how User Friendly can help protect and maintain your IT network like the big boys at a price that your small business can comfortably afford.
Like us on Facebook
Follow us on Linked In