Page 40 - The Insurance Times July 2020
expect more phishing attempts and more exposure to potential system breach. Yet while phishing methods have not changed, the messages hackers are using to breach systems are echoing current events.

In some cases, the security community is fighting back. Several security experts from top IT companies have formed a COVID-19 CTI (Cyber Threat Intelligence) League, focused on countering any attempts by hackers to exploit the current pandemic. The group announced that in just a few weeks, over 100,000 domains had been registered that contained the terms "covid," "virus," or "corona." And while many of the domains may be legitimate, the team suggests all should be treated with suspicion until verified.

That becomes critical as hackers ramp up efforts to gain access through phishing emails. One study of phishing email volume and COVID-19-related threats reveals that the current pandemic represents the "largest coalescing of cyber attack types around a single theme" possibly in history.

Now is the time for companies to communicate the heightened threat and the need for extra vigilance to employees.

Some phishing attempts to watch out for include:
• Official-looking emails purportedly from the Centers for Disease Control or World Health Organization that contain links
• Online offers suggesting either COVID-19 treatments or prevention tips and products
• Emails asking for donations to local or national charities
• Free downloads or attachments of COVID-19 guidelines

Preventing breach

Fortunately, the same methods for preventing breach are ones that your company can apply right now to thwart the increased risks.

Business continuity planning: The most effective response to a phishing attack should begin before any attack occurs. Build a business continuity plan that helps your company both prevent and respond to cyberattacks or breaches. Gather a designated team of key personnel assigned to specific response roles and conduct tabletop exercises. Your team can experience a breach scenario and learn how to work under the pressure of an event. Incident response planning, including tabletop exercises, will help your team understand common pitfalls and will help identify important facets of an actual event, including who needs to be part of the response team.

Employee education: The best line of defense in any phishing attempt is your employees. Take steps to increase your employees' education in both recognizing and reporting phishing emails. We recommend the following vetting process:
• Who is the sender? Check email addresses. Is the address recognizable? Is there a chance this email address has been spoofed?
• Were you expecting an email from this person? When in doubt, call. Verify that the person listed actually sent the email.
• Think before you click. When in doubt, don't click on any links or attachments. Doing so could unleash malware.
• Never download anything without verifying that it came from a legitimate source. If you can't verify it, report it to the designated department.
• Never share access, logins, financial data, or personal information.
• Implement a two- or three-part verification system. Hackers have been known to spoof email addresses from managers, then request bank transfers. Have a process in place that requires two people within the company to verify by voice the request and require your financial institution to do so as well.
• Avoid using emailed links as much as possible. Particularly with donation requests, hackers can obtain financial information by posing as a charity. Instead, go directly to the charity's website and donate from there.

Keep software up-to-date

Even the basic practice of installing regular patches and
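The CTI League's advice to treat domains containing "covid," "virus," or "corona" with suspicion until verified, together with the "Who is the sender?" check from the vetting process, can be expressed as a mail-triage function. This is an added example, not part of the original article; the verified-domain allowlist, the Reply-To comparison used as a sender check, and the sample message are assumptions constructed for illustration, and the code assumes a single-part plain-text email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

THEME_TERMS = ("covid", "virus", "corona")   # terms named in the article
VERIFIED_DOMAINS = {"cdc.gov", "who.int"}    # assumption: list your organization has verified
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_verified(host):
    """True only for a verified domain or a true subdomain of one.
    Matching on the dot boundary rejects lookalikes such as
    'cdc.gov.covid-updates.example'."""
    return any(host == d or host.endswith("." + d) for d in VERIFIED_DOMAINS)

def vet_message(raw):
    """Return a list of (finding, domain) tuples for one raw email."""
    msg = message_from_string(raw)
    findings = []
    # Sender check: replies routed to a different domain than the From address.
    _, sender = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    sender_dom = sender.rpartition("@")[2].lower()
    reply_dom = reply.rpartition("@")[2].lower()
    if reply_dom and reply_dom != sender_dom:
        findings.append(("reply-to-mismatch", reply_dom))
    # Link check: pandemic-themed host names are suspect until verified.
    for url in URL_RE.findall(msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if not is_verified(host) and any(t in host for t in THEME_TERMS):
            findings.append(("themed-unverified-link", host))
    return findings

# Constructed sample message (reserved .example domains, not real traffic).
SAMPLE = (
    'From: "CDC Alerts" <alerts@cdc-notice.example>\n'
    "Reply-To: claims@mail.example\n"
    "Subject: Updated COVID-19 guidelines\n"
    "\n"
    "Download: https://cdc.gov.covid-updates.example/guidelines.pdf\n"
    "Official page: https://www.cdc.gov/coronavirus\n"
)

if __name__ == "__main__":
    for finding in vet_message(SAMPLE):
        print(finding)
```

A finding is a reason to report the message to the designated department for verification, not proof that it is malicious.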