ESC-20 Conference Building

Cyber Security Alerts

Watch for phishing attempts using the current COVID-19 outbreak as a pretext.

As early as February 2020, cyber criminals were already planning to use speculation about a coronavirus (COVID-19) pandemic to trick computer users into visiting malicious websites. These sites look like helpful links for coping with the illness and may attempt to get a user to enter network credentials to access COVID-19 information. As expected, phishing campaigns exploiting this public health threat are being launched; they appear to come from the World Health Organization and other government and public health agencies and urge users to follow malicious links.

Exercise the same level of awareness and vigilance when working with email whether you are working from home or from the office. 

 

Adhere to the following recommended guidelines when reacting to high-profile events, including news associated with the Coronavirus, and securing ESC-20 assets and information in general.  Working remotely may require that you take immediate action if you believe your account has been compromised or your system is infected because Tech Support will not be at your location to provide immediate assistance.

 

  • Do not enter network credentials to view news associated with COVID-19.
  • Users should exercise extreme caution when responding to individual pleas for financial assistance, such as those posted on social media, on crowdfunding websites, or in an email, even if the plea appears to originate from a trusted source.
  • Be cautious of emails or websites that claim to provide information, pictures, and videos.
  • Do not open unsolicited (spam) emails or click on the links or attachments in those emails.
  • Never reveal personal or financial information in an email or to an untrusted website.
  • Do not go to an untrusted or unfamiliar website to view the event or information regarding it.
  • Verify the legitimacy of an email by contacting the sender through another channel of communication. Do not reply to the email you are suspicious of.  See the attached Phish Button Guidance document for tips on evaluating email.
  • Ensure your systems are getting software updates and anti-virus updates from Sophos (the AV software on your ESC-20 laptop).  If you determine that your system is not getting updates, create a Samanage ticket indicating your concerns.
  • Backing up project documents is essential and safeguards against numerous forms of data loss.  If you cannot reach your network drives using the FortiClient VPN application, back up your files to your O365 OneDrive or your Google Drive.  BE CAREFUL THAT YOU ARE NOT STORING SENSITIVE OR CONFIDENTIAL INFORMATION IN THESE LOCATIONS.
    • Examples of sensitive or confidential information include, but are not limited to, Personally Identifiable Information (PII – a combination of name, DoB, Social Security Number, address, phone number, email address), FERPA, HIPAA, student information that can be traced to an individual, or proprietary information.
  • If you do suspect that your ESC-20 network credentials have been compromised, change your password immediately.  See the attached Change Password Using Self-Service document for guidance.
    • You do not have to create a ticket to request a password change.
    • You do not have to contact tech support or call Network Services to change your password.
    • Upon suspicion of compromised credentials, use AD Self Serve to change your password immediately.  Go to ESC20.net, STAFF LOGIN.  Log in and select Account Unlock.  Once there, you will have the option to RESET your password.  IF YOU BELIEVE YOUR ACCOUNT HAS BEEN COMPROMISED, DO NOT SELECT UNLOCK ACCOUNT.  YOU MUST SELECT RESET PASSWORD.  Ensure that your new password does not resemble the one believed to be compromised.
    • After you have changed your password, please notify the ESC-20 Security Administrator, Mike Garcia, to provide details regarding the incident and to assess the need for follow-up actions.
 

New Threat—Zoombombing

With schools increasingly using Zoom and other videoconferencing applications and websites, for students as well as staff, we have seen an increase in internet trolls invading public Zoom or other meeting calls (where the invitations are open) and using screensharing features to take over a presentation and share graphic content with all participants.

 

See New York Times article for reference.

 

To mitigate these attacks, we strongly encourage those hosting large or public group meetings to change settings so that only the host can share the screen. For private and small group meetings, be sure password protections are enabled by default and are kept on to prevent uninvited users from joining.

 

The following steps can be taken to mitigate teleconference hijacking threats:

  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
  • Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.

 

Alert Level Legend, Green is Low, Blue is Guarded, Yellow is Elevated, Orange is High, Red is Severe.