ISU’s cybersecurity chief says COVID-19 can bring online threats with more people working from home
A cybersecurity expert at Illinois State University says COVID-19 has made our workplaces less safe — from online threats.
Dan Taube is the interim chief information security officer at Illinois State University. He said businesses, schools, banks and others that had large numbers of people working from home are especially vulnerable.
“It’s not only the devices (employees) are using may not have the protections installed on the devices, but the detection of an event or an incident that we may see on our own network goes unnoticed,” he said.
Taube said security breaches often happen when one individual user or computer gets hacked, suggesting a security system is only as strong as its weakest link. He added the pandemic has also left people distracted and more likely to fall for a phishing attempt.
“(The pandemic) created a lot of noise that whenever something seemed urgent or important, you react in the moment and you are not doing the checks and balances you would normally do,” he said.
Taube said security updates should be installed as quickly as possible to stay ahead of potential hackers.
“You want to keep up to date because when an update comes out for something, it’s usually within 15 days that’s already being exploited by attackers. Sometimes it’s within a matter of hours,” he said.
Taube said it's getting harder for businesses to get online ransomware protection because those attacks are becoming more frequent. He said ransomware attackers are not only demanding companies pay to not publish sensitive information online, they are also contacting individuals whose personal information was compromised and insisting they pay to prevent the release of the data.
Taube said as hackers become more sophisticated and elaborate in their attacks, companies have to prove their IT systems are secure. He said otherwise, they will likely have to pay a ransom when they are hacked, along with the added costs of recovery, identity theft protection and potentially lost business.
He said insurance companies will also be less likely to cover them.
“Organizations are going to be forced with the reality where they have to be better because no one is going to help them in the very near future,” he said.
Taube noted ISU pays about $50,000 annually for ransomware protection, but he expects that cost will go up significantly because of the increased threats. Taube said ISU is better prepared for a cyberattack than it's been before the pandemic, but he cautioned that universities can't afford to be too restrictive with online access.
“We need to enable the core mission of the institution to teach and conduct research and communicate,” Taube said. “We are limited in exactly what we can do.”
Taube said consumers are generally lax about protecting their online data. He said they should not use the same password for multiple accounts. He recommends using a password manager that can store passwords and generate secure passwords.
He noted scammers have also gotten better at disguising phishing attempts to look legitimate. They will share files through services people use every day, such as Google Drive, Dropbox and OneDrive.
He said they can also “spoof” phone numbers to make it look like they are coming from your bank or another trusted source.