NORTH CAROLINA (WECT) - It can happen to anyone — an email appearing to come from someone in your own company, or from a customer service account for a product you bought to prepare for the novel coronavirus turns out to be a sophisticated phishing scheme.
Suddenly, not only your information, but that of your coworkers and client list are at risk, because unlike your internet connection in your office, your new work-from-home set up is far less secure.
“I feel very bad for all the I.T. workers at various businesses,” said North Carolina Attorney General Josh Stein.
With more and more people working from home, Stein and those at the Identity Theft Resource Center (ITRC) are closely watching for and warning people against the threat of cyber attacks.
“With all of the challenges that we are having right now, so many people working remotely and a lot of these folks working remotely for the first time and not being familiar with all of the best practices and being just really discombobulated, our big message from Identity Theft Resource Center is just to slow down and take five minutes to make sure that you understand what’s going on,” said ITRC President and CEO Eva Velasquez.
According to the ITRC, 39 percent of all data breaches can be linked back to simple “hacking" through a phishing scheme or something similar.
In 2019, the ITRC found a roughly 17 percent increase in data breaches over the previous year, and the organization is anticipating a rise in cyber attacks on businesses in the wake of COVID-19.
Velasquez said the same theories the public should be applying to stopping the spread of the virus should be applied to preventing cyber attacks as more people work from home.
“Right now, we are and we’re having a lot of conversations about how hygiene is playing a huge role not just in protecting yourself but the actions that you take as an individual are going to affect your entire network and community,” she said. “It’s the same thing when it comes to cyber. The actions that each and every employee takes don’t only affect them, it can affect your entire network.”
Velasquez said the ITRC and other agencies such as the Federal Bureau of Investigation recommend anyone working from home and accessing their company’s data set up a Virtual Private Network, or VPN.
For those unfamiliar with the technology, Velasquez had an analogy.
“If you think of the packets of information going across the internet as going through a clear plastic tube, a VPN puts a shield around that so somebody who is not supposed to be seeing that information can’t look in and see it.”
At the very least, she said, people need to make sure their home router is password-protected, and with a unique password to that device.
The ITRC recommends making sure passwords and credentials used for business purposes are entirely different than those used for personal accounts, and not sharing your main wifi password, but instead creating a guest network for friends and family to access when needed.
Additionally, Velasquez recommends business owners and supervisors maintain regular communication with employees so they can quickly recognize anything out of place.
“That will go along way and just making the people feel both emotionally still stabilized and connected but also in securing your business,” she said.
The stakes will only increase for properly securing information as people work from home and students begin doing schoolwork from home.
“There are all these things that folks need to be concerned about and take extra precautions to make sure that their personal information is not compromised nor are any of the massive data bases that they may have access to through work,” Stein said.
Where modest phishing schemes might be after the money in your bank account, Velasquez said the information people are now bringing home with them is even more valuable.
“Not only are they going to be trying to access your cash, your money, but they want your data as well,” she said.
If you see a suspicious email land in your inbox, or happen upon a suspect website, Velasquez recommends taking a step back to fully investigate.
“Just slow down and take a moment to think before you react,” she said.
Most companies have a policy in place for reporting suspicious items internally, but for external threats or suspicious-looking websites, ITRC recommends reporting to the FBI’s cybercrime tip line.
For something that appears to be coming from inside North Carolina or directly affects a local business, Stein’s office recommends calling 1-877-5-NOSCAM to file a report, or filling out a complaint online.