As Addepar’s CISO, it’s my job to think every day about how to protect our company and client data. After more than a decade working in security, I know that the risk of falling victim to cybercriminals is ever-present. But the good news is there are precautions you can take to help keep yourself and your clients safe.
Cybercriminals are exploiting COVID-19
The COVID-19 pandemic impacts not only health, but also the education system, e-commerce, travel, and myriad other aspects of life – including the global economy as a whole. During this time, cybersecurity takes center stage as we navigate the uncertainties.
One cause of increased cybersecurity activity is that far more people are now working from home. Home technology infrastructure is often less robust than what employers have in place in a corporate setting. In many cases, companies are unprepared to protect data being accessed by employees on non-company owned devices or unsecured home WiFi networks.
In addition, cyber-criminals are using the crisis to launch attacks that take advantage of people’s concerns. Many are using COVID-19 as a Phishing lure to send illegitimate messages posing as the Internal Revenue Service, Centers for Disease Control and Prevention (CDC), the Small Business Administration (SBA), health insurance companies, and other organizations at the forefront of the health battle. These emails are designed to look like they contain official business information. They attempt to trick people into providing personal information or clicking on malicious links.
In March, the FBI Internet Crime Complaint Center (IC3) reported a surge of Phishing messages. These messages promised vaccines, access to test kits, and airline carrier refunds. IC3 also expects a surge in Phishing attacks promising early access to stimulus bill funds.
In addition, I’m beginning to see attempts toward individuals focusing on credentials, harvesting of bank account information, and logins. On the business side, there are cases of emails disguised as the Small Business Administration loan guarantees for a small processing fee.
Bad actors also weaponize social media for disinformation campaigns. Using social media campaigns, cybercriminals trick users into installing malware on their devices, leading to the loss of data.
Take steps to protect yourself and your clients
There are precautions I recommend to reduce the risk of exposure. At Addepar, our Information Technology and Security teams are refining the Groupware telemetry to rapidly respond to incidents reported by employees. We know that vigilance is the best line of defense. To educate and raise awareness of the risk, I recommend sharing real-world examples of attacks. This helps to identify how bad actors seek to compromise businesses and manipulate people.
You can find real-world examples on websites like the Cybersecurity and Infrastructure Security Agency (CISA) and the Internet Crime Complaint Center. Start by educating yourself about what to watch for and then consider sharing that information with your networks. The key takeaway is simple: No one is giving away free money and no one has developed a Coronavirus vaccine. If it sounds too good to be true, then it probably is.
In addition to watching for Phishing attacks, consider other cyber-hygiene practices while working from home. Make sure your home WiFi network utilizes the latest encryption technology and an uncommon wireless key. Don’t allow unknown devices to join the network. Use complex passwords that are difficult to guess and use a password manager to avoid reuse. Keep your systems and virus protection software up-to-date and install the latest security updates on your mobile device. Using your corporate virtual private network (VPN) at home also adds protection similar to a corporate firewall.
Cybersecurity experts are responding
Thousands of cybersecurity experts around the world are uniting to improve detection and response COVID-19 related attacks. Industry-leading technology vendors have formed the COVID-19 Cyber Threat Intelligence League. This group, in particular, is playing an important role in identifying and quashing malicious activity related to the pandemic.
Finally, as you navigate this rapidly changing landscape, please know that the Addepar team is here as a resource for you. If we can provide assistance in leveraging the Addepar platform to continue serving your clients’ needs while working remotely, please contact us at firstname.lastname@example.org.