Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.
It’s officially Cybersecurity Awareness Month. Launched by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security in 2004, it’s another way for each and every one of us to do our part to make sure that our online lives are kept safe and secure.
While we know that cybersecurity is important every month, now is a good time to promote and implement good security hygiene tips and #BeCyberSmart, especially amidst the increased remote workforce and heightened scams around the pandemic. Why not get a little refresher with industry-wide tips and best practices?
The NCSA is advocating that we get the word out to protect users and connected devices, and offers these tips to be cyber smart:
- If You Connect It, Protect It. The line between our online and offline lives is indistinguishable. This network of connections creates both opportunities and challenges for individuals and organizations across the globe. Internet-connected devices have impacted our lives and will empower all users to own their role in security by taking steps to reduce their risks.
- Securing Devices at Home and Work. 2020 saw a major disruption in the way many work, learn, and socialize online. Our homes are more connected than ever. Our businesses are more connected than ever. With more people now working from home, these two Internet-connected environments are colliding on a scale we’ve never seen before, introducing a whole new set of potential vulnerabilities that users must be conscious of.
- Securing Internet-Connected Devices in Healthcare. The healthcare industry is increasingly relying upon internet-connected devices and solutions to improve patient care, organizational efficiency, speed of crisis response, and much more. The emergence of telemedicine, digital health records, internet-connected medical devices, patient wellness apps, and an increasing amount of third parties entering the health supply chain has created many benefits but has also exposed the industry to vulnerabilities that cyber criminals regularly attempt to exploit.
- The Future of Connected Devices. The future brings technological innovations, such as 5G, might impact consumers’ and business’ online experiences (e.g. faster speeds and data transmission, larger attack surface for hackers), as well as how people/infrastructure can adapt to the continuous evolution of the connected devices moving forward. No matter what the future holds, however, every user needs to be empowered to do their part.
Editor Ben Canner, in his Solutions Review article on Cybersecurity Awareness Month 2020, talks with several information security people on how the threat and work landscape has changed. This quote from Steve Preston with TrapX Security sums it up:
“The COVID-19 pandemic has instigated a huge shift toward remote work, cloud adoption, and a more digital lifestyle. This is new territory for many who are accustomed to working from the office, shopping in stores, and teaching in a classroom. As part of this shift, we are simultaneously sharing more information about ourselves and our work while we live and work in a more vulnerable state – uncertain, alone, eager. As a result, phishing and ransomware attacks have skyrocketed. Individual cyber-awareness is needed now more than ever. We need to slow down and live our digital lives with more caution. People and organizations must operate under the assumption that bad actors are in their network ready to attack. Those responsible for the security posture of their organization must take active measures now to deny attackers free rein in their networks before it’s too late.”
The FBI offers these cyber safety tips this month and every month:
1. Keep software systems up to date and use a good anti-virus program.
2. Examine the email address and URLs in all correspondence. Scammers often mimic a legitimate site or email address by using a slight variation in spelling.
3. If an unsolicited text message, email, or phone call asks you to update, check, or verify your account information, do not follow the link provided in the message itself or call the phone numbers provided in the message. Go to the company’s website to log into your account or call the phone number listed on the official website to see if something does in fact need your attention.
4. Do not open any attachments unless you are expecting the file, document, or invoice and have verified the sender’s email address.
5. Scrutinize all electronic requests for a payment or transfer of funds.
6. Be extra suspicious of any message that urges immediate action.
7. Confirm requests for wire transfers or payment in person or over the phone as part of a two-factor authentication process. Do not verify these requests using the phone number listed in the request for payment.
Make security part of your overall strategy
As companies of all sizes are continuing to manage a remote workforce, things might be changing permanently. In a recent survey, Gartner found that 82% of business leaders plan to allow their employees to continue to work from home in some capacity, while nearly half, or 47% will let their employees do so permanently, according to a TechRepublic article.
By now, many organizations have work-from-home practices in place. NordVPN Teams recommends these security tips:
- Content storage should be allowed in the cloud only. Use cloud-based or web-based storage software that allows for sharing and editing of documents.
- Enhance endpoint security through two-factor authentication. This adds a second layer of security when logging in to important applications. Multi-factor authentication uses OTP (one-time password) technology, certificate-based USB tokens, smart cards, and additional advanced security technologies.
- Connections to the company’s network should be performed through a VPN. A Virtual Private Network uses either SSL (Secure Sockets Layer) or IPsec (Internet Protocol Security) to encrypt communications from the remote worker’s machine. This safeguards both the end user and the corporate environment, ensuring that no one is able to decipher sensitive data traffic.
- Adopt a risk management contingency plan. As one example, make sure you can track a laptop or wipe it remotely in case a remote worker loses one with sensitive business information on it.
“The goal is to not only secure your remote devices and endpoints but to make that security part of your overall strategy,” advocates NordVPN Teams.
What is the future focus of attacks?
When it comes to hacking, what do we need to worry about? Pretty much everything according to an article in The Wall Street Journal. What gadgets and things and tools and infrastructure are susceptible to assaults by hackers in the coming years?
- Implanted medical gadgets. The chance of criminals focusing on these gadgets is anticipated to extend as extra of them come outfitted with GPS trackers, Bluetooth and web connectivity.
- Smartphones. Their ubiquity and significance make them ripe for assaults. As smartphones are more embedded in our lives, changing into our passports, automobile keys, etc. Corporations that mix information generated by cell apps and linked gadgets are additionally targets.
- The house workplace. The pandemic-related shift to distant work has created more opportunities for cyber attackers.
- Good-home gadgets. Smart-home gadgets, such as doorbells, locks, lights, ovens and low makers, will be highly vulnerable to cyberattacks. Many lack fundamental security measures, comparable to the flexibility to alter the default password.
- Automobiles. The concern is that vehicles may turn out to be a goal for ransomware.
- Cities. Cities are additionally susceptible as they join extra infrastructure to the web.
- Trains. Trains are like “computer systems on rails.” They communicate with one another and with stations, and sometimes have their own Wi-Fi networks.
- Airplanes. Techniques managing ground-crew personnel, air-traffic management, airport kiosks, plane catering, baggage declare and plane-to-ground communication may all be attacked — all of which may stop flights from taking off.
- 5G networks. The distributed nature of 5G networks offers fewer alternatives to implement cybersecurity measures.
- Colleges. The surge in distant studying in the course of the pandemic is escalating ransomware assaults on colleges.
- Hospitals. Assaults on hospitals have largely targeted on ransomware, primarily holding the hospital’s information hostage by encrypting it, after which releasing it upon cost. Attackers may take management of the hospital’s online techniques to govern machines and information.
- The power grid. The U.S. power grid is susceptible to cyberattacks that might destroy turbines, transformers, and oil and gasoline pipelines.
Congratulations to Peggy Miller, CEO of PacStar and Ganesh Shankar, co-founder of RFPIO, recipients of this year’s EY Entrepreneur of the Year award in the Pacific Northwest region! PacStar and RFPIO are both sponsors of Cyber Oregon.
Partner blog of interest: Eclypsium: Applying Lessons from CISA to Your Firmware