Covid-19 Cyber Attacks

By now you should all be aware cyber attackers are capitalizing on the Covid-19 crisis. The tactics being used are ones we are all familiar with, phishing emails with malicious links and attachments representing 80% of the attacks. What has made the problem more challenging is the movement towards work from home (WFH). Insecure home computers being connected to sensitive corporate networks is opening the door to more successful attacks. How do you set up a safer WFH environment? While the options are numerous, let’s consider two of the basic options.

1. VPN Connection – probably the most cost effective and scalable way to create a secure WFH environment is to have a host VPN enabled firewall with the endpoints (home users) using a software based VPN client, commonly provided by the brand of firewall being used. There are countless ways to do this wrong, so letting an experienced IT team set this up should be considered mandatory. 
2. Utilizing Office 365 and Sharepoint, or comparable platform. Instead of needing to connect to data stored at your office, if you’ve migrated to Office 365 and have set up Sharepoint for your organization, then the WFH staff doesn’t have to enter the internal network at all, provided you are not running proprietary software at the office. Here again, there are numerous ways to set this up incorrectly, so working with a team that has done this properly is key. 

Both examples above are high level, broad stroke recommendations. Every situation is different and may require alternate approaches, or hybrid solutions. The important considerations are keeping the connections secure, not allowing a user’s compromised or infected home network penetrate your own, and making it as simple and seamless as possible. 

Of course, the same advice holds true about not clicking on links in emails and not opening attachments unless you know the sender and have confirmed via telephone they sent it – that really is the safest bet.

But a new twist has been added in the past couple of days that you also need to be aware of. Not only do we see fave Covid-19 websites, spoofed government sites, and more, all attempting to trick you into clicking on their site, but now the miscreants are offering deals on Personal Protective Equipment (PPE). As purchasing departments have been charged with replenishing dwindling supplies, malicious cyber actors are sending emails, making calls, and popping up websites offering bulk PPE supplies. Along with URL validation checking (the URL is the site they claim to be and it’s a legitimate HTTPS certificate), confirm with the CDC NIOSH website that they are an approved manufacturer for N95 masks, for example. If it’s for gowns and gloves, for example, confirm with the manufacturer that the supplier soliciting you is legitimate and has inventory. Of course, don’t provide any personal information to any solicitor offering to sell you supplies, toilet paper, tequila, or any other of life’s current essentials. 

All things, good and bad, end with time. This too shall pass.

J Mongelli

 

If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.

For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.

The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for weekly HIPAA Security Reminder to help stay compliant.