As utilities exercise business continuity plans with staff working remotely during the coronavirus epidemic, it is important to include reminders to increase cyber vigilance and hygiene during this time as attackers are leveraging our heightened concern and curiosity to spread malware and other scams. Similar to vacation and holiday seasons when cybersecurity/IT staff may not be immediately available, an uptick in cyber attacks are likely to be met with less resistance during this time. Along with general guidance and workplace practices for dealing with coronavirus, employees should also be made aware of the multiple vectors, including phishing and malicious websites, that cyber threat actors will use to leverage our curiosity and concern as we seek situational information. Email is not the only tactic being used to impersonate well-known authoritative information. Employees should be reminded to use extreme caution when searching for information online about coronavirus. There are many domains and websites with fake promises of vaccinations and also websites emulating trustworthy resources, such as a fake website portraying the likeness of the John Hopkins University coronavirus spread heat map. Furthermore, with business continuity plans enacted with staff working remotely, there is no better time than the present to enhance technology monitoring and ensure that virtual private networks and other remote access systems are fully patched, as recommended by the U.S. Department of Homeland Security's Cybersecurity & Infrastructure Security Agency (CISA) in the CISA Insights - Risk Management for Novel Coronavirus (COVID-19). Read the brief at UtilityDive
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!