Chippewa Valley Technical College employees, many of whom are working from home currently, found emails in their inboxes recently that looked like they came from outside the college, but they did not include the usual warning attached to outside emails that the message came from outside and the recipient should be careful. Plus, the messages invited people to click on an “important” link.
Many employees noticed something suspicious and clicked on an email program icon to report a “phishing” attack. CVTC’s information technology team was immediately on it, recognizing that was indeed what was happening throughout the college.
Phishing is a fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, in which the sender poses as a trustworthy entity. It is just one of the ways that cyber-criminals try to break into an institution’s computer systems.
The risk of such intrusion goes up when employees are working from home, according to Nate Runge, network and infrastructure manager at CVTC.
“There has been a significant rise in cyber-crimes, and it is mainly due to people being in their homes without the corporate firewalls,” Runge said. “And we’re finding that people at home are not as apt to communicate about potential security issues.”
Runge emphasized what organizations are up against in this fight. He dispels a misconception that hackers are people working on their own in the basement of their parents’ homes or in some dingy apartment.
“It’s professional organized crime, often backed by the resources of foreign governments like Russia and China,” he said. “These are people who work in big office buildings, and they know their victims are not as attached to corporate support networks as they ordinarily would be.”
Another misconception Runge wants to dispel is that there is some kind of magical program installed on computers or in corporate networks to stop all of this, though it does stop a lot of it.
“We have five primary solutions that actively defend the network and computers against attacks,” Runge said. “Just one of them, in one month, blocked 5,428 spam or phishing emails, 203 impersonation attacks, removed 33 messages containing malicious software, and blocked 13 unsafe website URLs.”
But none of the technology behind the scenes is adequate to stop everything, Runge added. The best defense against cyberattacks is the human element. “Be a skeptic,” Runge said. “Look at what you receive and the websites you visit. If something looks odd, report it to your IT team, and don’t click on any links.”
Thomas Lange, vice president of information technology and chief information officer at CVTC, offers advice on working-from-home security:
• Take an online cybersecurity training
• Have up-to-date anti-virus software
• Only use secure wireless connections in your home
• Install the latest updates to your home router
• Securely connect and update any IoT devices on your home network such as smart lighting, doorbells, and cameras
• Do not re-use a work account password for personal accounts
• Use multi-factor authentication whenever it is offered
• Use a free service like https://haveibeenpwned.com/ to be aware of potentially compromised accounts
• When in doubt, reset your password
• If there is suspicion that you have been the target of a cyber-crime, contact your employer’s IT team or individual
Runge says everyone must be vigilant, but no one should despair.
“We’re definitely giving the bad guys a run for their money,” he said. “They have to constantly change their tactics because people are watching, and IT professionals are also good at what they do. But information technology security has a zero percent unemployment rate now, because no one has enough money or enough people to be totally secure. That’s why we rely on our employees to be one of our lines of defense.”