NPR Morning Edition’s Steve Inskeep interviews Alexander Urbelis, a hacker-turned-information-security lawyer who founded the New York-based Blackstone Law Group, about “the designs of such attacks and some best cybersecurity practices people should use to defend themselves against hackers.”
Phishing scams, spam spike as hackers use coronavirus to prey on remote workers, stressed IT systems
Writing for CNBC, Eric Rosenbaum finds that “The risks caused by the coronavirus are rising beyond public health, job losses and economic spirals. Cyberthreats, including phishing scams and spam, are spiking as online criminals take advantage of the coronavirus to attack remote workforces and corporate systems, and tech vendors, such as SaaS providers, are less able to respond in the current situation.”
Here’s a roundup of how the country’s top law firms are handling the coronavirus pandemic. This list will be updated regularly. Most firms are encouraging remote work, and some require it.
Integreon Says It Has Partnered with SecureReview to Ensure Security of Remote Workers During Pandemic
“In response to the coronavirus pandemic, the global legal services provider Integreon said today that it has taken steps to enhance the ability of its employees working from home or other remote environments to provide their services securely, including a partnership with SecureReview, a company that provides a secure infrastructure for remote workers,” writes Bob Ambrogi on the LawSites blog.
As remote work becomes the norm during the COVID-19 pandemic, hackers attack unsecured home computers. “There is increasing evidence that hackers are using the concerns over the virus to prey on individuals and that working outside secure office environments opens the door to more cyber vulnerabilities,” writes Maggie Miller.
Roy Strom writes in Bloomberg Law, “Closing down a law firm office is a major business disruption. And being forced to experiment with a full office closure may lead lawyers to discover new ways of working or commuting. Many firms have relatively new remote working programs that will be put to the test.” Strom interviews partners from Big Law firms Hanson Bridgett and Gensler.
Some of the decisions by IT and security professionals are innovative, secure and even cutting-edge, while others are downright cringe-worthy and laden with potential risk. One security decision I’ve seen is allowing the installation of your organization’s virtual private network (VPN) software on an employee’s home computer for remote access. While some security professionals may think of this as an acceptable practice, this policy is high risk with an undesirable attack vector when permitting access into your environment.
It’s time to evolve the role of the Chief Information Security Officer. According to Michael Greene, CEO of Enzoic, That includes technology around data sharing. “CISOs today have the opportunity to help enable the organization to grow by delivering a digital experience that delights customers while mitigating digital risk. This requires the CISO to advise the business about when and where cyber risks could manifest. Security leaders must now be able to transform their security practices in lockstep with all the other changes wrought by business-wide digital transformation.”
Deepfakes and ransomware: Security Boulevard explains how to protect yourself in 2020. “In 2019, 50% of all global organizations fell victim to ransomware, compromised accounts, or spoofed credentials, many due to falling for a phishing attack. In the same year, Australians reported $61.6 million lost due to investment scams. As alarming as these statistics are, we expect cybersecurity threats for 2020 to increase.”
The U.S. National Security Agency took the unusual step Tuesday of announcing what it calls a “severe” vulnerability in Microsoft’s Windows 10 operating system ahead of Microsoft’s Patch Tuesday security update. The flaw could allow attackers to execute man-in-the-middle attacks or decrypt confidential data within applications.