The coronavirus and cybercrime
Advice on staying cyber safe during the COVID-19 outbreak.
With so many of us working from home since the outbreak of the coronavirus, it’s everybody’s responsibility to be vigilant and ensure we continue to protect the Firm from the threat of cybercrime. The Reporter spoke to Chief Information Officer Tony Cordeiro and Security & Business Continuity Manager Schahzad Sharif, to find out more.
With much of the world in lockdown following the outbreak of COVID-19, you’d be forgiven for thinking cybercrime has been put on hold.
However, you’d be wrong. As with any major incident, cybercriminals are adept at turning a global crisis into an opportunity to scam people out of money or to hack into company networks and steal information.
The cost of a security breach to the Firm could be much more damaging to our reputation, given the confidentiality of the client data we hold.
“…the impact of a hacking incident can be devastating and long-lasting.”
TONY CORDEIRO, CHIEF INFORMATION OFFICER
Tony explains: “As several companies, including legal firms, have found out in the past, the impact of a hacking incident can be devastating and long-lasting.
“That’s why the security we have in place and the apps we use are so heavily tested and robust, but we still rely on our people as our first line of defense, should a threat get through the perimeter. One click from one person can make us vulnerable.”
While the Firm’s cybersecurity is first class, cyber criminals are constantly developing new methods of breaching digital defenses and legal firms are a prime target because of the information we hold on behalf of our clients.
Tony says: “In the past 24 hours alone I received two emails claiming to contain urgent advice on COVID-19 – one offering testing kits, the other promising accurate local information on the spread of the virus.
“In one case, the email seemed official but, by simply hovering over the link or checking the email address of the sender, it was clear it was a phishing scam. The other had a PowerPoint attachment inviting me to view local pandemic assessment data. Both looked suspicious, so I sent them on to our Security Operations team for analysis.”
Tony’s advice is for all employees to be wary of emails related to COVID-19 purporting to be from official sources regarding things such as stimulus package claims, testing kits, airline refunds, cures and vaccines, or appeals for charitable donations.
In all cases, check the email address or link and carefully verify it against the official website of the organization it claims to come from, including checking for spelling errors.
If the email is suspicious, do not open it or click on any links, but instead forward the suspicious email to SPAM@whitecase.com by hitting CTRL+ALT+F.
“By reporting the emails rather than just deleting them,” says Tony, “we can trace emails that have been sent to others in the Firm and delete them before others see them.”
“It’s also important to continue using only Firm-approved software, apps and file transfer services because we’ve chosen these based on their high levels of security.”
SCHAHZAD SHARIF, SECURITY & BUSINESS CONTINUITY MANAGER
Schahzad also stresses the importance of using a Firm device while working from home and to connect it via the Cisco AnyConnect VPN or to use Citrix.
He comments: “If you’re using a Firm computer and have logged on to Cisco AnyConnect VPN, the level of security is as good at home as it is in the office, so please use it at all times. The same applies for Citrix.
“It’s also important to continue using only Firm-approved software, apps and file transfer services because we’ve chosen these based on their high levels of security.
“So, while it’s tempting to use apps like Zoom, Dropbox, Google Docs or Google Hangouts, please stick to Firm approved enterprise-grade services such as Blackberry Workspaces and Webex (which now offers an improved Zoom-style experience).
“When printing paper documents at home, please make sure you don’t leave them in a place where others might read them and be sure to destroy them properly when no longer needed.”
Schahzad also warns people to be aware of the threat of home listening devices and to switch them off during confidential calls.
“Smart voice-activated devices with internet connections such as Alexa, Google Assistant and Ring offer hackers the potential to eavesdrop on your phone conversations so, if you’re on a work-related call, we recommend you unplug them or turn them off completely.”
Maintaining optimum cybersecurity is as vital as ever, so ensuring our computers are up to date with the latest software patches is also important.
Tony says: “You’ll be familiar with the need to install updates on your computer, but I’d like to reiterate the importance of installing them when prompted, so we’re well protected against all the latest threats.
“Obviously the virus pandemic has impacted us all but, thanks to preparedness, our people are able to work at home safely without compromising security.
“However, we rely on you to maintain good cyber hygiene so please make sure you stay safe, both personally and at work.”
For more information and support, visit the Technology page on Connect and, if you receive a suspicious email, press CTRL+ALT+F to email it to SPAM@whitecase.com
