Beware of malware as criminals take advantage of COVID-19 worries
Beware of malware as criminals take advantage of COVID-19 worries
In the wake of the global spread of the novel coronavirus (COVID-19), cybercriminals are taking advantage of the fear this has generated and escalating their phishing campaigns. The large volumes of misinformation, and rising global panic, around the pandemic mean that their efforts are likely to succeed, unfortunately.
Cybercriminals are preying on people’s worries and fears by sending emails related to COVID-19 from legitimate-looking sources, containing ostensibly useful, and critical, information relating to work policy, health alerts or precautionary advice. The combination of relevant content and an urgent tone often work to trick people into opening the email and clicking a link or attachment.
Once they’ve clicked the link or opened the attachment the recipient is either led to a spoofed website designed to steal their personal information, or their device is infected with malware, which installs itself and allows a hacker to access the information on that machine.
Often people don’t realize that their device has been infected until their security scanner picks it up or they become victims of fraud or identity theft. What makes malware particularly dangerous is that it can get onto a company network and spread to other devices in the organization.
The best thing people can do in a time like this is to educate themselves, and those around them. We’ve prepared some tips to help keep yourself, your colleagues and your organization safe:
Treat every email that you are not expecting as suspicious. Be doubly cautious of anything that asks you to click a link, open an attachment, verify your details or share information that is private and personal - like passwords and PIN numbers.
Checkpoint researchers have discovered over 4 000 domains registered globally since January 2020 related to the coronavirus, according to Global Audit Tool. This is making it harder to identify suspicious emails just based on the sender’s address as cybercriminals get more sophisticated in their efforts to look legitimate.
Spoofing legitimate sources is a common tactic used by cybercriminals. The World Health Organisation has issued a statement on these scams and is asking people to verify the validity of any requests before they do anything.
Report suspicious emails to the company being impersonated. Many larger companies have a process for doing this and will ensure their security teams investigate it promptly. The faster a company is alerted, the more quickly they can respond and intervene to warn their customers and shut down spoofed websites.
Spear-phishing attacks, which purport to be from senior people in an organization, like the CFO or CEO, use a lot of accurate detail to make an email appear real. These generally ask a person to urgently make a payment or settle an invoice. If you receive an email like this, verify it through other means before you act, no matter how legitimate it appears.
Cybercriminals are getting increasingly sophisticated in their attacks, but by being mindful - and critical - of any communications you receive, you can protect yourself and avoid falling prey to their attempts.
By Linda Misauer, Head of Global Solutions, Striata
Linda Misauer is the Head of Global Solutions at Striata and is responsible for technical Research and Development, Operations and Project Management for global initiatives. Linda previously led the Product Management of the Striata Application Platform before moving across to Striata North America as Chief Technical Officer (CTO). As Product Manager, her responsibilities included internal project management of the product development team, market research & product feature design, as well as product lifecycle management and quality control. As CTO, Linda was responsible for all technical operations for North, Central and South America, including Project Management, Support, Production and Data Engineering. Linda has over 10 years of experience in the IT industry, ranging from video streaming solutions and website application development to electronic billing and messaging. Prior to joining Striata in 2002, Linda held the positions of Chief Information Officer at AfriCam, and was IT project manager at Dimension Data. Linda studied at the University of Natal - Pietermaritzburg and holds a degree in BSc, Majoring in Computer Science and Economics. Linda also has a Diploma in Project Management.
How changing your company's software code can prevent bias
Two-third of tech professionals believe organizations aren’t doing enough to address racial inequality. After all, many companies will just hire a DEI consultant, have a few training sessions and call it a day.
Wanting to take a unique yet impactful approach to DEI, Deltek, the leading global provider of software and solutions for project-based businesses, took a look at and removed all exclusive terminology in their software code. By removing terms such as ‘master’ and ‘blacklist’ from company coding, Deltek is working to ensure that diversity and inclusion are woven into every aspect of their organization.
Business Chief North America talks to Lisa Roberts, Senior Director of HR and Leader of Diversity & Inclusion at Deltek to find out more.
Why should businesses today care about removing company bias within their software code?
We know that words can have a profound impact on people and leave a lasting impression. Many of the words that have been used in a technology environment were created many years ago, and today those words can be harmful to our customers and employees. Businesses should use words that will leave a positive impact and help create a more inclusive culture in their organization
What impact can exclusive terms have on employees?
Exclusive terms can have a significant impact on employees. It starts with the words we use in our job postings to describe the responsibilities in the position and of course, we also see this in our software code and other areas of the business. Exclusive terminology can be hurtful, and even make employees feel unwelcome. That can impact a person’s desire to join the team, stay at a company, or ultimately decide to leave. All of these critical actions impact the bottom line to the organization.
Please explain how Deltek has removed bias terminology from its software code
Deltek’s engineering team has removed biased terminology from our products, as well as from our documentation. The terms we focused on first that were easy to identify include blacklist, whitelist, and master/slave relationships in data architecture. We have also made some progress in removing gendered language, such as changing he and she to they in some documentation, as well as heteronormative language. We see this most commonly in pick lists that ask to identify someone as your husband or wife. The work is not done, but we are proud of how far we’ve come with this exercise!
What steps is Deltek taking to ensure biased terminology doesn’t end up in its code in the future?
What we are doing at Deltek, and what other organizations can do, is to put accountability on employees to recognize when this is happening – if you see something, say something! We also listen to feedback our customers give us and have heard their feedback on this topic. Those are both very reactive things of course, but we are also proactive. We have created guidance that identifies words that are more inclusive and also just good practice for communicating in a way that includes and respects others.
What advice would you give to other HR leaders who are looking to enhance DEI efforts within company technology?
My simple advice is to start with what makes sense to your organization and culture. Doing nothing is worse than doing something. And one of the best places to start is by acknowledging this is not just an HR initiative. Every employee owns the success of D&I efforts, and employees want to help the organization be better. For example, removing bias terminology was an action initiated by our Engineering and Product Strategy teams at Deltek, not HR. You can solicit the voices of employees by asking for feedback in engagement surveys, focus groups, and town halls. We hear great recommendations from employees and take those opportunities to improve.