CISO Update #31: December 2020
Quite an End to Quite a Year
For those who have been receiving this newsletter for a while, you’ll recall that our December update usually focuses on ways to protect yourself from holiday-themed phishing scams—and of course, that’s still very relevant this year. (Visit it.fitnyc.edu/holidayscams2017/ for some of our holiday guidelines and remember our “4 Dont’s” of phishing protection.) However, this article focuses instead on two important items in the news that will have a major impact on the cybersecurity landscape.
The first is the breach that took place at several government agencies, including the Department of Homeland Security, as well as several private companies. Many more victims will be announced in the coming days and weeks. The attack was probably carried out by a foreign government and was accomplished by infecting product updates from a well-respected network management company called Solar Winds, which has over 300,000 customers, most of which were receiving these tainted updates. Many colleges and universities use Solar Winds, but FIT does not. However, many organizations that you might do business with, such as H&R Block, Subaru, and The New York Times, do. They’ll be reaching out to you to notify you about any ways your data has been compromised, but as always, be wary of phishers who may send out fake notices on this subject too. Always remember the option to call or contact the organization via a phone number or email address that they publish, not the one included in the suspicious communication.
The second important cybersecurity story is the availability of the COVID-19 vaccine. While we are all grateful that there is light at the end of this horrific tunnel, the vaccine is a complicated issue and several different types will become available to different cohorts on different schedules through many distribution channels. Scammers have already begun to take advantage of the uncertainty and confusion to send phishing emails and host fake websites with the objectives of stealing information, planting malware, and selling fake drugs and vaccines. Here’s one article on the subject from CNN. Get your information from reliable sources, such as your doctor, .gov websites, or reputable news outlets. Be especially suspicious of claims that people can “move you ahead” in the line to get the vaccine. They will almost certainly be fake.
What can you do?
Follow “The 4 Don’ts” of email safety.
Stay informed by consuming information from reliable sources, not random emails from strangers or referred by friends.
Use known addresses and phone numbers to confirm communications about either of these two topics.
There are lots more tips available on the Cybersafe website, and we’ll continue to cover more topics via IT’s social media.
We wish you a happy, safe holiday season. Stay aware, and stay cybersafe!