Security Breach Update
26 March 2020

How to Avoid Data Breaches While Working From HomeHow to Avoid Data Breaches While Working From Home

The COVID-19 pandemic has reshaped the way we work practically overnight, as many people are working from home for the foreseeable future. Unfortunately, hackers are taking advantage of these circumstances by increasing phishing attacks targeting home workers.

Taking action now to secure your data and keep your staff alert about threats is the best way to protect your company’s data and systems from opportunistic cybercriminals.  

According to a recent assessment, Italy saw a sharp spike in phishing scams as workers quickly shifted from in-office work to home-based arrangements. Around the globe, more than 40% of all workers are currently working from home, a significant jump even in just the past week. In addition to phishing scams, cybersecurity researchers identified a spike in malicious remote access attempts. 

Cybercriminals are taking advantage of the jump in employees teleworking to mask their activity and gain access to company data. The US Department of Homeland Security recommends that organizations remain vigilant about equipping employees to identify phishing scams and that they enable two-factor authentication to protect accounts from unauthorized access.

If we can be of service, don’t hesitate to reach out. Throughout this crisis, we are committed to keeping your company and customer information secure.

Recent Breaches

United States – Open Exchange Rates – Currency data provider

Exploit: Unauthorized database access

Risk to Small Business: Severe: While investigating a network misconfiguration, Open Exchange Rates discovered that an unauthorized user was accessing their network. Ultimately, it was determined that the hacker had been accessing their database for nearly a month, beginning on February 9, 2020, and ending on March 2, 2020. The company believes that hackers extracted sensitive user information. In response, Open Exchange Rates has disabled the passwords for all accounts created before March 2, 2020

Risk to Exploited Individuals: Severe: A copious amount of personal data was compromised in the attack, including user names, addresses, encrypted and hashed passwords, IP addresses, country of residence details, and website addresses. In addition to resetting their account passwords and updating their credentials on any other website using the same information, Open Exchange Rates is warning customers that this information can be used to execute targeted spear phishing attacks. Therefore, those impacted by the breach should carefully monitor their online accounts for suspicious activity.

Customers Impacted:  Unknown

Canada – Rogers Communications – Internet service provider

Exploit: Unsecured database

Risk to Small Business: Severe:  A third-party vendor left an unprotected database exposed to the internet compromising customers’ personal information. The breach was discovered on February 26th, and it’s unclear why it took the company nearly a month to make a public statement about the incident. Although the company acted quickly to secure the data, its reactive measures will not undo the damage to victims, nor will it mitigate the reputational damage that will inevitably follow the breach.

Risk to Exploited Individuals: Severe:  The exposed data includes customer addresses, account numbers, email addresses, and telephone numbers. Fortunately, financial information was not included in the breach. To support the victims, Rogers Communications is offering a free year of credit monitoring. In addition, those impacted by the breach are being should closely monitor their accounts for targeted phishing scams that could compromise additional data.

Customers Impacted:  Unknown

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
26/03/2020

Follow us on LinkedIn:

Related Articles:
Cybersecurity Tips for Your Remote Workers
Ransomware attacks are causing more downtime than ever before

Written by