Brad Atkin, CPA, CISA, CITP, SOC – Shareholder, IT Advisory and Security Group – Doeren Mayhew

As organizations continue to navigate the growing concerns about the novel coronavirus (COVID-19) each day, cybercriminals are capitalizing on the opportunity to compromise companies and user data. With more and more people working remotely, the Cybersecurity and Infrastructure Security Agency issued an alert reminding individuals to remain vigilant for scams related to COVID-19, as it is beginning to see a new influx of cyberattacks in the United States.

Doeren Mayhew’s dedicated IT Advisory and Security Group highlights key areas to help mitigate cyberattacks within your organization:

1. Use a secure Virtual Private Network (VPN). Organizations should patch and update their VPNs, network infrastructure devices and the devices being used to log into their network. Additionally, increase the number of internal vulnerability scans performed, as vulnerabilities are climbing with the rise in telework.

2. Beware of phishing scams. Phishing activity is significantly increasing due to COVID-19, and hackers are using trusted brands like the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC) to build credibility and entice users into opening attachments. Organizations should have a mechanism in place that flags, blocks or quarantines suspicious emails, and should urge employees to be extra aware of common phishing email signs. Consider the following:

    • Take notice of common phishing traps such as a suspicious sender, generic greeting, spoofed links, bad spelling and suspicious attachments.
    • Do not reveal personal or financial information in an email and do not respond to email solicitations for this information from an unknown source or individual.
    • Avoid clicking on any COVID-19 related links or attachments received via email or messaging apps. For more information, see Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams.
    • To obtain COVID-19 news, use trusted sources such as the WHO and CDC websites, reached by entering the address in the browser's address bar.

3. Implement multi-factor authentication. Contact your service provider to institute multi-factor authentication as soon as possible, as this greatly reduces your cybersecurity risk. Ensure your current IT employees are ready to ramp up cybersecurity tasks such as log review, attack detection and incident response. If these are not already in place, they should be adopted as soon as possible.

4. Adopt guidelines for working remotely. Put a policy in place to help keep your organization protected and client data safeguarded while working remotely. Things to consider include:

    • Implementing controls for employees who are using personal devices to make sure sensitive files and information are not downloaded or stored.
    • Having employees store sensitive data on company-controlled devices or authorized cloud storage services only.
    • Quarantining and scanning employees’ personal computers (if these devices are used) to make sure their security is up to date prior to connecting to your network.
    • Making sure employees do not use public Wi-Fi.
    • Spreading awareness of the potential threats and communicating to employees how their efforts to mitigate cyber scams can protect not only themselves, but also your organization.

Doeren Mayhew works closely with organizations to evaluate their current information systems environment and advise on how to help keep them protected through our CYBERCLAW™ offering. For more information on how to manage cybersecurity risks during this time, contact us today.