Interview with Jeff Bedser, President and CEO of iTHREAT by Tony Connor, Director of Product Marketing, Public Interest Registry
The COVID-19 pandemic of 2020 is affecting society in ways that we could not have predicted. The crisis has revealed, in particular, an important lesson about cybersecurity and how vital it is in times of prolonged vulnerability. The Harvard Business Review (HBR), www.hbr.org, reported that as of only May, 2020 “…cyberattacks had increased at a rate of three to five times” compared with before the pandemic.
How do .ORGs protect their data, finances, and even existence when there are criminals who will take advantage of a global crisis? We talked to PIR Board Member and iThreat CEO, Jeffrey Bedser, to understand more about the risks and how to combat them as the pandemic continues unabated in many places around the world.
Q: How is the pandemic impacting the cyber world?
A: World events and world tragedies are always taken advantage of by cyber fraudsters. Whether it be the Christchurch shootings in New Zealand, Hurricane Katrina in New Orleans, Earthquakes in Haiti, tsunamis in Japan—every time there’s a world event that targets a lot of people, you’ve got waves after waves of fraud that come during different phases of the world event.
Q: How has that played out with the COVID-19 epidemic?
A: So, with COVID, early frauds were about protective gear, selling people masks and respirators that didn’t exist. I helped some of my clients working in the infrastructure space take down websites that were selling respirators below market price at a time when hospitals couldn’t get respirators for ten times market price. This has been followed by recovery scams, fraud related to stimulus checks,unemployment benefits, and promoting fake cures.
Q: Nearly every organization moved its employees out of the office and asked them to work from home. How has the move to remote work affected cybersecurity? Are there new vulnerabilities to businesses and organizations, and, if so, how should they address them?
A: If employees are using organizational computers that are not behind the organization’s firewall, there is certainly risk there. And, if it’s a smaller company where employees use their own home computers, who knows what the exposures are? Who else in the household is also using the computer, and for what? To combat risk, organizations should look for a reputable password manager and virus scan software. Also, Virtual Private Network (VPN) services allow you to log in through the organization’s network, which means your protections are on every transaction.
Q: What do you suggest for small .ORGs that may lack the resources to set everyone up with a computer at home?
A: I’d say consider picking up an [affordable] ChromeBook for employees. ChromeBooks have fewer ways to be infected because they are browser-based laptops that aren’t as sophisticated as Macs or PCs. So, there are fewer things to target with Chrome. Also, nothing is stored on the computer. It’s all on the cloud.
Q: What are some practical strategies to ward off cyberattacks during this time?
A: My best advice? If you don’t recognize it, don’t click. If it’s “fishy” and looks like it may be a “phish,” look at it closely. If something seems suspect, look at it closer, then delete it. Don’t blindly trust. There are people out there right now who will monitor LinkedIn and other social media to see when there is a new finance leader at an organization and send a fraudulent email that appears to be from that person’s boss. They might say, “I need you to transfer $50,000 to such and such account.” Always call and verify.
Q: How might the dramatic increase of use of virtual platforms during the pandemic impact security?
A: Zoom, Slack, Teams, Blue Jeans, Skype…we all have so many new ways to connect now. I actually don’t think it opens us up to too much risk. I think it reduces risk in some ways. In the beginning there were issues when platforms hadn’t yet shored up their security, and you got things like “Zoom bombings,” which, to me, is basically cyber “graffiti.” I think the move to video conferencing is good. We’re held much more accountable on Zoom—face-to-face interaction requires you to engage and make eye contact. It improves security because you know who you’re talking to.
Q: Thank you so much for your time and expertise. Anything else .ORGs should know?
A: COVID has demonstrated you can have sustained fraud over a much longer period of time. This is not a flash in the pan. It’s about sustainability—how long can these frauds last and how many victims can be taken down before they’re dealt with? COVID has opened up the conversation about new policies and protocols and advanced the agenda on cybersecurity, which is a good thing.