I'm seeing a massive increase in cyber attack attempts on our organisation.
Hackers are seeing COVID-19 as a golden opportunity to compromise you/your organisation, while attention is directed elsewhere...
- busy/distracted people clicking on links they shouldn't
- IT resources stretched thin
- people working from home with less than ideal WiFi security
- people working on shared unsecured WiFi
For everyone - be extra vigilant - think before you click - and think again, then again before providing a username and password - all of our "near" compromises have come from:
- users clicking on links they shouldn't
- much worse, users entering user names and passwords after clicking a link they shouldn't have
For those involved in managing IT:
- if you don't have Multi Factor Authentication implemented, do it now - this one control has blocked probably 50-100 attacks on our small organisation over the last 12 months.
- we recently ran a vulnerability/penetration test and were able to crack a bunch of user passwords/hashes that were too simple - we contacted all the users on that list to change their passwords to something stronger...and less than a week later one of those users had a hacker try to log in to their account numerous times before giving up
The bad guys are poking everywhere - make sure you've got a plan and a process in place just in case you are attacked...it's too late once you've been cryptolocked:
- would your organisation pay a ransom? (I've raised it, but I didn't get a clear answer)
- have you tested your restore processes recently...most back up all the time, but usually incrementally, and have faith in the software to get a proper recovery from all the incrementals added together...have you tested a recovery?
- do you have a cyber attack plan in place?
- have you scenario tested a cyber attack against your plan?
We're in unprecedented times - maintain or increase your IT security requirements and be conscious that the bad guys are literally having a field day - don't let them in...
...I'm not a techo, but happy to provide high level guidance as I can.
Mike