Be on Guard Against Cyber Crime Following a Natural Disaster
Here’s what to watch for.
After a disaster, cyberattacks are often in the form of phishing emails attempting to lure individuals into making a donation to a bogus nonprofit purportedly assisting victims. Typically, the goal is to obtain and then sell credit card numbers.
When you receive solicitations for donations after a disaster:
- Always be skeptical and use caution when opening an email or responding to a phone call asking for donations
- Inspect any links before clicking
- Rather than making a donation through a link in an email or over the phone, go directly to the nonprofit’s website
Protecting Your Nonprofit’s Network
If your nonprofit’s disaster plan involves the use of backup systems, be aware that cybercriminals often attempt to exploit backup environments when utilities go down.
That’s because backup systems often lack the security protections that exist in a live environment. For example, firewall protection may not mirror the live system, and servers and other systems may not be updated with current patches. This opens a number of security holes.
Environments are further at risk if controls are temporarily switched off to allow for continued operations. One example is multi-factor authentication that allows for system access from a set list of IP addresses. If employees need to work from evacuation locations, a limited list of the normal IP addresses will prohibit access. To resolve the issue, the IT department may turn off the validation list to keep things running.
While there’s not much you can do once disaster hits, you can plan ahead by ensuring that your organization’s disaster recovery plan addresses:
- How and when backup systems are patched
- Whether security for backup systems is equivalent to primary systems
- Pitfalls that might be encountered, such as IP address restrictions
These are just a few areas of concern. Contact us at firstname.lastname@example.org with any questions, and remember to not let your guard down even when the power is down!
Lisa is a partner at Traina & Associates, a CapinCrouse company. She uses her more than 30 years of experience to assist organizations in implementing measures to secure data and manage risks efficiently and effectively. She is a nationally recognized speaker and author, and serves on the AICPA Cybersecurity Task Force. Lisa founded Traina & Associates in 1999 to provide IS security services to a broad range of industries. Traina & Associates joined CapinCrouse in January 2017.