Since early March, a significant number of us and our employees have worked remotely or from home.
In the initial 2 weeks of the shelter-at-home order, Affiliated helped setup several hundred requests from our customers to help initiate remote workforces. The good news for our customers is that almost 100% of those staff members who began working remotely used corporate based systems and were connected to the organization via a standard, secure protocol. This step allowed for those devices and those users to continue to have a base level of security implemented on those systems; regular antivirus scans and patching continued to be applied and access to the through the corporate VPN system.
But that is not the case with everyone.
In conversations with many of my peers and participation in my industry groups, this “corporate” approach has not been the norm. In fact, in the rush to send staff remote, quite a large number of other companies chose to practice the bring/use your own device BYOD access method. They are allowing their staff members to access their corporate systems and do their work with their home devices; in many cases the same devices that are used for personal gaming activities, unfiltered Internet activities, and on systems that are not actively monitored for antivirus updates or patched for security issues. Bottom line: This has put their corporate systems, data, and organization productivity at risk.
Cyber Criminals Are Working Overtime
There has been a huge rise in cyber security fraud in the wake of this pandemic. In fact, cyber criminals have significantly upped their focus and attempts at nefarious activity that affect organizations and individuals across the spectrum from health care providers - both frontline and research, to government agencies - local and public health care, to nonprofit and commercial industries in large and small communities across the globe.
In many cases, they are using similar “tools” and approaches that have been used for years - emails requesting information, or links to supposedly legitimate information that contain malware, perpetrate cyber fraud, or implant macros that provide the criminal access to your system.
As an example, The FBI has reported over 1,200 domains referencing COVID-19 were registered in a two-week period starting at the end of February and Barracuda reported a 600+% increase in phishing scam emails starting in the same period. And one of the biggest traps spreading malware in late March and early April was a map demonstrating a time lapse spreading of the virus based on geographic areas that could be clicked on and zoomed in for your specific area. And they are only going to continue to get more focused.
SO, WHAT ARE WE TO DO?
It truly is a team effort.
Leadership, staff, IT, and even your IT vendors have a role in helping keep your systems, data, and productivity protected and secure.
Leadership sets the tone and establishes the threat tolerance for the organization. Leadership agrees to the level of security programs that are instituted, the policies and procedures that need to be implemented, the execution of those programs, and the oversight to ensure they are done correctly.
Here are three specific things that can be implemented or enhanced to improve the security of your systems, data and productivity.
User Security Awareness Training Programs
Formalize and implement an ongoing program to train all members of the organization on how to deal with threats that come via email and over the phone. A proper user awareness training program includes a variety of training sessions as well as regular “testing” to help remind users about the threats and exposures that are coming to them daily. Especially as today’s users disrupted work environments contain multiple distractions, this training and testing becomes even more important. Tracking the results of the testing and providing feedback to the users provides a valuable resource to demonstrate the importance and value of these programs. Preventing a ransomware occurrence that disrupts the company's productivity for a day or two or a cyber fraud event that costs the company $10,000 or more is easily worth the effort and time to implement and use one of these programs.
Enhance your Office 365 Security Settings
As we have mentioned since early April, we have been reviewing each of our agreement customers Office 365 tenants and have been compiling recommended adjustments and enhancements to their Office 365 accounts. We have started to make a couple of global enhancements and are preparing to meet with each of you to address specifics for your organization. A number of these enhancements are designed to provide a second layer of protection to prevent fraudulent or second level criminal activity from happening to your tenant account.
Microsoft is also aiding in the process by adding enhancements to the features of the software to improve its ability to verify and validate where emails are actually coming from; thereby reducing some of the phishing and spoofing activities that are behind a number of the cyber fraud events that are occurring today. They are committed to continue to improve the security and features of the solution to help secure your environment.
Implement a Request/Change Validation Procedure
For individual ACH or wire transfer requests, or any payroll change, institute a new procedure that requires a written sign off/approval before the transaction is completed. The approval should not just be a simple reply to the requested email or verification if it is a phone call from the person calling. The validation/approval should go through normal company channels (ask superior for approval, send new email or hang up and call the known number for validation). This will eliminate almost 100% of falling for any attempts at cyber fraud via a phishing email or a vishing phone call. The authorization procedure is non-technical an old school very effective have saving a very expensive error.
As leaders if we just implement these three suggestions, we will be well on our way to significantly reducing the risk of falling victim cyber fraud, productivity losses, data breaches, and unplanned expenses from malware and ransomware attacks.
If you'd like to discuss your specific environment, please give your account manager or Jason Long a call at the office, 614.495.9658 and we will be happy to schedule some time to talk with you.