With so many folks working from home we’ve seen a jump in the instances of cybercrime since then.
The fact of the matter is that folks are an easier target when they’re working from home, outside of the view of the IT team.
As such many companies have taken to urging employees to practice good cybersecurity habits at home and those companies include NASA.
Over the past few days NASA has noted a “new wave of cyber-attacks” targeting federal agency personnel who are now working from home. This was detailed in a memo sent by NASA and published by SpaceRef.
The memo states that NASA’s Security Operations Centre has noted the following as regards cybercrime:
- Doubling of email phishing attempts
- Exponential increase in malware attacks on NASA systems
- Double the number of mitigation-blocking of NASA systems trying to access malicious sites (often unknowingly) due to users accessing the Internet
“Cyber criminals have increased sending emails with malicious attachments and links to fraudulent websites, attempting to trick victims into revealing sensitive information and gain access to NASA systems, networks, and data. Lures include requests for donations, updates on virus transmissions, safety measures, tax refunds, fake vaccines, and disinformation campaigns,” reads the NASA memo.
NASA expects cyber threats and cyber attacks to continue and perhaps even get worse as the COVID-19 pandemic wears on.
As such NASA has given its employees some guidance as to how to mitigate some of the risks. While these are directed at NASA staffers, the advice is rather good and could be applied to any business.
- Use the NASA VPN, prior to beginning to work. This allows your system to leverage ALL of NASA’s security protections.
- Refrain from opening your personal email or non-work related social media on your NASA computer systems/devices. Also be cautious before clicking on links in text messages and social media.
- Keep your personal email and social media separate from NASA.
- Ensure your NASA electronic devices receive required patches and updates.
- Utilize approved and authorized software, video, and teleconferencing systems and protect access instructions to them.
- Continue to protect NASA sensitive information in accordance with NASA policies, including encrypting NASA emails containing sensitive information.
- Do not reveal personal or financial information in emails, and do not respond to email solicitations for this information.
- Review the Cybersecurity and Infrastructure Security Agency (CISA) Tips on Avoiding Social Engineering & Phishing Scams
While not every company uses a VPN, simple things like updating software, keeping business and personal accounts separate and using software expressly approved by an IT or security team, are all good ways of keeping you and your company safe.[Via – Ars Technica]