Governor Ron DeSantis and the Florida Department of Management Services (DMS) have proclaimed October 2020 as Cybersecurity Awareness Month to encourage Floridians to adopt proactive measures that will enhance cybersecurity at home and in the workplace, and contribute to the overall security of Florida.
This serves as a reminder of the importance of knowing how to stay safe and secure online, especially amid a pandemic, when so many people are forced to work from home. Individuals and businesses who let their guards down are more susceptible to online hackers. We are seeing an increase in information being stolen and sold online, more accounts being hacked and more fraudulent emails making their way to inboxes.
Cyber criminals are taking advantage of the dispersed workforce by enhancing their scams to try to hack companies’ systems. We are seeing a broader move toward scams meant to shut down entire systems and subsequent ransomware demands, or scams meant to entice companies to wire transfer money to fictitious accounts.
Social Engineering Scams
This is when a hacker engineers an email (maybe from the CEO to the billing department) that tries to get the victim to wire funds to a fictitious account. Sometimes, the hacker gets into the company system, watches keystrokes, and sends the email internally. Sometimes they send one from outside the system that still tries to look like it’s from inside. Either way, the victim will receive an email from the business persona, saying they need to wire funds someplace for a deposit.
Employees should pay attention to word choice, structure and inconsistencies in these incoming emails. Always verbally confirm the wire instructions by calling the person requesting it, but don’t use the phone number in the email.
Cyber extortion usually starts when a victim opens an email with an attachment that spreads malware into the company system. Some of these emails even look like they come from legitimate sources like FedEx or UPS, inviting the receiver to click on a tracking number. Once a user clicks the wrong link or opens the wrong attachment, the malware then shuts the whole system down. The bad actors then send a message to the business saying they must pay a high dollar amount or send bitcoin to unencrypt the system. Extortion demands not only cost money to pay the demand, but also cost the company lots of money in down-time and the potential costs of rebuilding the system.
What can companies do?
As many businesses have moved to a work from home setting, it’s important to consider a secure VPN (virtual private network). Many smaller companies may be using Remote Desktop Protocol (RDP) which is a less secure system for remote access and one that many hackers are looking to exploit. Also be vocal and train employees to recognize fictitious emails. This can be done via email or zoom — send updates as often as possible to share the latest on what is floating around the internet.
Companies should also consider buying a cyber-insurance policy to help protect their business and manage cyber security issues. Most policies not only provide coverage for the costs associated with breaches but also provide risk-management tools and resources to help companies respond.
This Cybersecurity Awareness Month, take the time to adopt proactive cyber practices for your business to be protected from attacks.
In our rapidly changing world, industries must evolve to protect businesses. Stay alert and active, and we will get through this together.
Eric Shapiro is Regional President at Socius Insurance in Florida, and is a member of the Florida Surplus Lines Association with more than 20 years of experience in the insurance profession.