You are not logged in to CompQuantum.com View Login, Logout and Profile


Click to return to blog page

COVID-19 & Internet/Email Scams - Data Theft

The March 20, 2020 Newsflash mentioned a scam reported by various clerks of court. With remote work exploding in response to the COVID-19 pandemic, the risk of cyber theft has too.

In an effort to keep you aware and, hopefully, safe, I am starting a second COVID related regularly updated post on security threats. If you hear about any scams I'm missing, please send a report to incode@compquantum.com.

CYBER SECURITY ALERT FOR 03/22/2020:

1. As reported in the 3/20/2020 Newsflash, several clerk of court websites contain a variation on the following from the Caddo Parish clerk:

Please be aware that there are several telephone scams floating around these days, either asking for money to keep you out of jail because of a warrant or claiming that you failed to report for a trial. If you are chosen for a jury, you will receive a summons in the mail from Sheriff Prator. The only contact you will have with a Deputy Sheriff is in person, and he or she will be in a uniform driving an official vehicle. A Deputy Sheriff will never ask for money over the telephone.

2. There were several security alerts featured today on the Kim Komando radio show and on her website. They include:

3. Look here for an announcement on a remote office cybersecurity CLE. If we can manage the logistics, I'd like to schedule one this week.

4. A sudden mass transition to remote work multiplies your risks. Thieves know it. Here is an article discussing the problems you and your IT people face in the days and weeks ahead: What Are The Cybersecurity Issues With Remote Work.

UPDATE - 03/23/2020

I'm working on a remote office security CLE that hopefully will be presented within the next few days. Check here for updates.

In that regard, my brother-in-law - a Microsoft engineer - offers the following basic observations:
There are kind of three parts:

1) Securing corporate infrastructure
2) Securing clients (PCs and Phones)
3) Securing the connections between the two

This does not change whether working from home or working from the office. The era of the corporate intranet is over. Corporate assets are assumed to be “exposed” to the rest of the world. (I.e. expect attacks on their attack surfaces.) As a consequence, working from home presents no new challenges.

For securing clients, some PCs are more secure than others. Comes down to being able to attest to the legitimacy of the code that is running on the client. (Starting with the firmware and going up through the boot Chain) Present start of the art might be the recently announced secure core PCs. Surface Pro X is an example of one meeting the target specs. Let me know if you want more details on what it takes to be certified at this level.

Once the infrastructure and the clients are both secure, they can establish secure communications between themselves. Services like Microsoft Intune are used for making sure the clients are secure before enabling them to access the infrastructure.
I'll be adding more soon about specifics relating to hardware and operating system architectures.

Posted: March 22, 2020