As if the COVID-19 pandemic is not enough to handle, cybercriminals are looking to wage attacks on New Jersey business professionals.
Steven Teppler, a member of Roseland-based law firm Mandelbaum Salsburg PC, advises businesses protect themselves from cybercriminals who are preying on fears specific to the ongoing pandemic.
COVID-related phishing alerts or offers for masks or toilet paper are on the rise, and clicking on links or opening attachments exposes even protected networks to malware, Teppler told NJBIZ. For businesses, increased phishing attacks and misdirected emails pose increased risks or fraudulent wire transfers, he said.
“When employees are using BYOD – bring your own devices – there is always a risk that those devices are not well-protected,” Teppler said. “They may not be patched, or using unauthorized programs – and even where cloud computing is utilized, the risk of malware attacks is heightened. These concerns are likewise amplified for employees that use or store sensitive personal information on their personal devices — financial, personal, health care and employment information and records.”
In Holmdel, Alan Masarek, chief executive officer of cloud communications company Vonage, explained his company is taking action to help New Jersey consumers deal with the COVID-19 pandemic.
“Over the last six years, Vonage has been focused on cloud-based business communications,” Masarek said. “More than three-quarters of our revenue is around business cloud-based communications. We are set up to help companies to do what is necessary in this crisis because they have got to have people work from home.”
Vonage has 105,000 customers globally. Chief of Information Security Sanjay Macwan said that the company has a robust security approach, and that most people are working remotely.
“Security is embedded throughout the software development lifecycle and this is one of the most important disciplines of our company,” Macwan said.
Real info in real-time
For organizations that need to operate in remote environments during the COVID-19 health crisis, Vonage offers a new Instant Alert SMS service to distribute real-time updates on the pandemic from government agencies that the company will open-source and share worldwide.
The company also has a business continuity offer to enable seamless remote work, a standalone video collaboration product to facilitate one-on-one communications or cross-company meetings from multiple locations, and the ability to choose how calls are handled and routed—either with call forwarding, or to automatically redirect calls to a specified backup number when needed using call continuity.
Vonage Business Continuity is available to any business and provides up to 250 mobile-only licenses free for up to 90 days, enabling teams to work from anywhere using the Vonage mobile or desktop app.
According to the company, this minimizes business disruption and gives teams immediate access to a full suite of capabilities, including voice, SMS and team messaging.
And the products are able to be utilized across a spectrum of industries: telehealth engagements for health care professionals and online learning environments for educators, as well as connecting with customers, collaborating with colleagues, and joining contact center agents with customers from any location.
But, New Jersey business people should protect themselves from cyber criminals regardless of the COVID-19 pandemic.
“Business continuity and disaster recovery contingency plans should be in place and expanded to include remote, air-gapped (not connected to your network when not in use) backups—they should already be in place, and periodically tested,” Mandelbaum’s Teppler said.
“Adapt your business continuity policies or create one, if not to reflect circumstances such as the C-Virus,” he said. “Check your insurance policies to ascertain whether business losses arising from C-Virus-related cybersecurity issues are covered – or if they are excluded through some sort of Force Majeure provision [unforeseeable circumstances that prevent someone from fulfilling a contract.]”
For example, health care systems ensure that they are protecting themselves before breaches.
“The need to comply with HIPAA’s requirement to maintain confidentiality, integrity and availability of electronic health records is heightened during periods of crisis,” Teppler said. “Ransomware attacks can lock down a provider’s system and prevent diagnoses and treatment, meaning lives will be put in danger.”
But, perhaps the most important action a company can take, Teppler said, is to “train and keep training employees.”
“Conduct out-of-band (off-schedule) cybersecurity assessment and take appropriate actions,” he recommends. “Review and strengthen cybersecurity policies, reinforce training. Make sure that employees working from home are not using home computers. Assign remote workers with mobile devices that are both encrypted and have mobile device management programs installed, so that in the event these devices are lost, stolen or compromised, that they can be bricked (made unusable) remotely.”
He added: “Except for perhaps the military, we are in uncharted territory; expect the unexpected.”