Amidst these uncertain times, more people are working remotely now than ever before. These unprecedented circumstances require your Information Technology (IT) Departments to work diligently to ensure that your employees can be productive and continue to deliver critical community services while working from home.
One particular area of focus must be your network’s cyber security. Regrettably, criminals are specifically targeting the Coronavirus pandemic, preying on and exploiting people’s fears to increase their chances of success with phishing, ransomware attacks, and other methods of stealing personally identifiable information (PII) and exfiltrating data from victims’ networks.
CIRMA has recently shared alerts on very specific criminal and foreign state-driven activities intended to carry out nefarious acts against your networks. To continue to assist you in defending your networks during this intense time, below are best practices on specific topics that can help keep your networks secure while your employees work from home. These and other best practices can also be found on the CIRMA Cyber Resource Page.
Business Email Compromise (BEC) attacks continue to be the most heavily used cybercriminal attack vector, and the one to which organizations are most vulnerable. BEC attacks are a form of cybercrime that uses email fraud against commercial, government, and non-profit organizations to achieve a specific outcome that negatively impacts the target organization. Examples of common BEC attacks include invoice scams and spear-phishing spoof attacks, which are designed to gather data for other criminal activities. Consumer privacy breaches often occur as a result of a BEC attack. Communications to employees should stress that although they are working remotely, any suspicious requests should be verified directly with the requestor (in person) prior to the release of PII or other sensitive data.
An example of a Business Email Compromise (BEC) would be a spoofed email (or series of spoofed emails) sent to a specific employee within an organization that fraudulently represents a senior colleague (CEO or similar) or a trusted customer. The email outlines instructions to approve payments or release some type of data. The emails often use social engineering to trick the victim into making money transfers to bank accounts, changing direct deposits, releasing W-2s, or clicking on links that allow malicious software, known as malware, to be introduced into the town’s network.
Wireless Networks (WiFi) (employee’s home): Require your employees to change their default password on their wireless network regularly.
WiFi (public): Minimize the use of public WiFi for any of your town or school district-owned member equipment. Advise employees to lock their devices when they step away from their workstations.
Municipal and School District Devices: There may be a need for members to provide devices to employees or students who will be working remotely. A proper inventory of those devices should be kept and monitored on a regular basis. Member IT teams should establish a process to keep software applications on these devices up to date, which can help detect unauthorized software application installation or use. Policies and protocols should be established to limit the use of any non-approved software programs.
Personal Devices: Although allowing personal devices to connect to your network may not be the best practice, CIRMA Risk Management offers a comprehensive white paper that outlines best practices for doing so.
Employees should practice effective security hygiene at home by keeping their operating systems and software fully up to date. Employees should use effective anti-virus software and effective password maintenance for their device(s). Employees should also be advised to take extra precautions and avoid downloading unknown software/applications onto their device(s).