By Mark Gunderman, CVTC Communications specialist
Chippewa Valley Technical College (CVTC) employees, many of whom are working from home, recently found emails in their “In” boxes that looked as if they came from outside the college, but without the usual warning that the recipient should be careful of external communications.
Plus, the messages invited people to click on an “important” link.
Many employees noticed something suspicious and clicked on an email program icon to report a “phishing” attack. CVTC’s information technology team took immediate action, recognizing that was indeed what was happening throughout the college.
Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising itself as a trustworthy entity. It is just one of the ways that cyber-criminals try to break into an institution’s computer systems.
Risks higher when working from home
The risk of such intrusion goes up when employees are working from home, according to Nate Runge, network and infrastructure manager at CVTC.
“There has been a significant rise in cyber-crimes, and it is mainly due to people being in their homes without the corporate firewalls,” Runge said. “And we’re finding that people at home are not as apt to communicate about potential security issues.”
Runge emphasized what organizations are up against in this fight. He dispelled a misconception that hackers are people working on their own in the basement of their parents’ homes or in some dingy apartment.
“It’s professional organized crime, often backed by the resources of foreign governments like Russia and China,” he said. “These are people who work in big office buildings, and they know their victims are not as attached to corporate support networks as they ordinarily would be.”
No ‘magical program’ to use
Another misconception Runge wants to dispel is that there is some kind of magical program installed on computers or in corporate networks to stop all of this, though programs are able to stop a lot of it.
“We have five primary solutions that actively defend the network and computers against attacks,” Runge said. “Just one of them, in one month, blocked 5,428 SPAM or phishing emails, 203 impersonation attacks, 33 messages containing malicious software, and blocked 13 unsafe website URLs.”
But none of the technology behind the scenes is adequate to stop everything, Runge added. The best defense against cyberattacks is the human element.
“Be a skeptic,” Runge said. “Look at what you receive and the websites you visit. If something looks odd, report it to your IT team, and don’t click on any links.”
Advice on working securely from home
Thomas Lange, vice president of information technology and chief information officer at CVTC, offered advice on security while working from home:
- Take online cybersecurity training;
- Have up-to-date anti-virus software;
- Use only secure wireless connections in your home;
- Install the latest updates to your home router;
- Securely connect and update any IoT devices on your home network, such as smart lighting, doorbells and cameras;
- Do not re-use a work account password for personal accounts;
- Use multi-factor authentication whenever it is offered;
- Use a free service like https://haveibeenpwned.com/ to be aware of potentially compromised accounts;
- When in doubt, reset your password; and
- If there is suspicion that you have been the target of a cyber-crime, contact your employer’s IT team or individual.
Runge says everyone must be vigilant, but shouldn’t despair.
“We’re definitely giving the bad guys a run for their money,” he said. “They have to constantly change their tactics because people are watching, and IT professionals are also good at what they do.
“But information technology security has a zero percent unemployment rate now, because no one has enough money or enough people to be totally secure,” he added. “That’s why we rely on our employees to be one of our lines of defense.”
NOTE: Gunderman can be reached via email at mgunderman1@cvtc.edu.