Town Hall recap: Cybersecurity concerns on the rise during pandemic

Written on Jul 23, 2020

By Nicole Fracasso, OSCPA communications intern

If you get the feeling that the coronavirus has prompted cyber-criminals to work harder, it’s not just your imagination.

“Some of the trends we’ve seen is an increase in phishing expeditions,” said Damon Hacker, MBA, CISA, CCE, president and CEO of Vestige Digital Investigations. “We’ve seen almost double to triple the amount of phishing expeditions occurring.”

Hacker and Mike Moran, president of Affiliated Resource Group, joined OSCPA president and CEO Scott Wiley, CAE, at OSCPA’s July 16 Town Hall to discuss technology and cybersecurity in the profession.

Hacker said attacks are on the rise as a result of more people working from home during the pandemic. To help prevent attacks, he strongly recommended two-factor identification, monitoring emails for external messages, requiring s awareness training and connecting to the company’s virtual private network.

In addition, Hacker recommended having a strong email password, and he emphasized that access to an email account allows cyber criminals to wreak havoc. While the likelihood of someone guessing your password might seem low, Hacker said they can crack passwords at a rate of million a minute.

“First and foremost, as an organization make sure you’re focusing on a password policy,” he said. “Think about passphrases instead of passwords.”

Another important issue detecting when a website has malware on it.

“The easy answer is you find out when you get it,” Moran said. “But you really don’t.”

For example, Moran said he was once visiting a legitimate college sports website that gave his computer a virus. Because Moran was familiar of these kinds of attacks, he was able to contact IT and get rid of it right away. However, if he hadn’t been aware, he might have discovered it too late.

“I think user awareness training is key,” he said.

For instance, some companies send test emails to help employees to identify phishing attacks. If the employee fails to do so, they’re required to take more training.

In addition, Moran said to make sure your company has an incident response plan.

“Step one in my opinion is you have to have a communication step,” said Moran. “You need that because you need to know what you’re going to say to your customers.”

Even more so, Hacker said it’s beneficial to be aware of the technique’s cyber criminals use.

“We don’t want to believe we’re a target,” Hacker said. “But we are.”

Want to learn more? Hacker will be presenting alongside Dr. Sean Stein Smith, DBA, CPA, MBA, at OSCPA’s virtual Financial Institutions Conference on Aug. 27, register today!

Leave a comment