Cybersecurity risks multiply during a pandemic
As coronavirus pushes people to isolate themselves from others, businesses and their employees are relying more on the internet than ever before. But in this brave new world, ChristianaCare Chief Information Security Officer Anahi Santiago warns that it’s creating a thriving environment for hackers and scammers.
“It’s just an attractive opportunity,” Santiago told the Delaware Business Times. “Any time there’s a special event, these attackers latch on and try to lure people to websites, emails and even phone calls. With COVID-19, the entire world is paying attention to it and threat actors are leveraging that.”
Santiago, who served on the federal Healthcare Sector Coordinating Council’s Cybersecurity Working Group and on the eHealth Initiative’s advisory board, said she’s seeing an unprecedented volume of cyber-attacks.
March saw a 350% increase in phishing scams, or hackers sending emails or texts posing as a legitimate source in a bid to get personal information. In particular, Santiago said there’s phishing scams posing as the Red Cross looking for donations and the World Health Organization sharing information.
With the workforce moving online, she suggests that businesses think about how their employees are working and to work closely with cyber security experts on staff.
“Work very closely as you’re making rapid decisions to support your business that you have your security guiding you on best practices,” Santiago said. “If you form those partnerships, you can go a long way in understanding what the risks are and what controls you should put into place.”
Businesses and staff should also stay on top of the latest scam and scrutinize the emails they receive, she said. Practice regular data backups on home computers so employees don’t lose their personal data as well as business data, she said.
Santiago also warned with the rise of video conferencing tools like Zoom and Microsoft Teams, hackers are starting to break into calls.
While the Federal Bureau of Investigation highlighted a case where a high school teacher’s virtual class was disrupted by an unknown person yelling profanities, Santiago sees a potential for more than shenanigans.
“There’s no reason why those same attackers could not just dial into a conference call and listen right and potentially steal sensitive information,” she said. “There’s articles out there that show hackers can use the chat function to send malware or steal credentials.”
For small business owners who may not have resources to hire cybersecurity firms, Santiago stresses to stay informed on what scammers are trying.
“Making sure your employees are aware is the first line of defense,” she said. “Ultimately, even if you invest a ton in technology, often [all it takes is] one click for somebody to fall for something.”
By Katie Tabeling