Jun 11 2020

When Crisis Strikes, So Do Cyber Criminals

Opportunistic criminals thrive amid chaos. Here are tips for universities and colleges on how to stay safe from cyberthreats during times of crisis.

For cybercriminals, there’s often no better time to target victims than when the rest of the world seems to be falling apart. So, it came as little surprise that shortly after COVID-19 shut down campuses and businesses around the world, there was a spike in ransomware and phishing incidents. 

The numbers tell the story: According to Palo Alto Networks, a leading cybersecurity provider, nearly 1,800 suspicious domains with coronavirus-related names are registered every day on average. And according to email security firm Mimecast, the number of COVID-19 spam messages sent spiked by 26 percent during the first 100 days of the outbreak. 

“We normally talk about phishing as a kind of cyberattack because it takes place on computers,” says Nick Falcone, CISO for the University of Pennsylvania. “But most of the time, the vulnerability exploited is in the human recipient of the email.”

“COVID-19 has made us all more vulnerable to the kind of tricks and misdirection used by phishing attacks,” he says. “We are, generally speaking, all more tired and distressed. We are working with technology in new and unfamiliar ways. And we are interacting with trusted parties like our employers in unusual ways. All of these things make it harder to spot phishing emails.”

Unfortunately, many remote workers continue falling for these scams. Mimecast has seen a 56 percent increase in the number of URLs being blocked in response to users working from home clicking on unsavory links. Here are some tips for how universities and colleges can keep their people and their networks safe from phishing attacks.

How to Go Beyond Basic Cybersecurity

Even as the cyber landscape continues to evolve, many best practices remain the same. “Patch all of your software, use two-factor authentication on every account that accepts it,” Falcone says, “and don’t click links or attachments that you weren’t expecting — all are still standard advice.”

Still, Falcone adds, the standard advice only works to a certain point. 

“Learning safer ways to click can help mitigate those risks,” he said. “For example, opening attachments or websites using an iPhone, iPad or Chromebook can help keep exploits from attacking your computer, as there are fewer ways for a website or attachment to take over those specific devices.”

Another solution is to hold security awareness training with faculty and staff. According to Mimecast, employees who haven’t had a recent security awareness training are 5.2 times more likely to click on malicious links.

Get the Tools That Help Prevent Phishing

Multifactor authentication and the use of strong and frequently changed passwords have always been important. But these two routine practices are even more crucial today. 

In May, the FBI and the Cybersecurity and Infrastructure Security Agency issued a warning that COVID-19 research organizations — including colleges and universities — are major targets for foreign espionage hackers.

“Using a security key such as a YubiKey as your second factor instead of a texted, one-time password can help a great deal with stopping sophisticated phishing attacks,” Falcone says. “The key verifies that you are talking to the real web page before logging you in.” 

Since some phishing emails contain software that records a user’s online activities, increasing VPN capacity is another way to protect remote users from cyberthreats. However, because VPNs are not designed to handle the network connections of large remote workforces, it’s helpful to find a solution that increases VPN bandwidth.

Above all, it’s essential to consistently update all VPN software programs with the most current security patches. While it’s impossible to completely secure a network, taking these cautionary steps can significantly reduce security risks for higher ed institutions.
