No matter what happens on Election Day in the USA, it will ripple through the MSP ecosystem. All significant events tend to bring out the cybercriminals, and 2020 has been a bonanza for the bad guys.
According to a Forbes article earlier this year:
There is a strong correlation between the occurrence of major regional and global events and accompanying spikes in cybercrime activity. These digital crimes usually start with social engineering techniques designed to psychologically manipulate targets into performing desired actions such as clicking on a malicious link or divulging confidential information.
Smarter MSP consulted with several experts in elections and cybersecurity and came up with a list of top cyber concerns for November:
Big news provides big opportunities for hackers
The most severe risk, analysts say, is socially engineered phishing. It doesn’t matter how many pen tests, awareness training sessions, and attachment alerts you’ve conducted. When people let their guard down after the big news hits, any preparation and testing can quickly go out the window, and hackers know this.
Whether it’s preying on people for bogus hurricane relief after a natural disaster or playing upon social sentiment, as was the case in the aftermath of the George Floyd death earlier this year, hackers know what “buttons” to push. If you haven’t done so already, convene a virtual meeting to emphasize the importance of not opening any emails related to the aftermath of the election. This isn’t a political issue; it’s a security issue. Whichever candidate prevails, there will be attempts from hackers to leverage the outcome for ransomware or malware.
Hackers know what “buttons” to push to trick people using political or #election related subjects. #MSPs must remain vigilant in protecting their customers. #cybersecurity
“Most MSPs and cybersecurity officials are focused on protecting election infrastructure, but there needs to be more attention put toward protecting businesses from getting swept up in the post-election news cycle. Lack of vigilance makes everyone a target,” says Dan Braden, a tech consultant in Fort Worth, Texas.
Experts advise that it is just as important to focus on what is not news during heavy news cycles. While everyone is hyper-focused on the election, some hackers have found success in sending more mundane messages when everyone’s attention is on the election or other significant news events of the day.
One possible example is an email purporting to be from the local girl scout troop or garden club. This might seem extra appealing when you’re buried in COVID or election news, but don’t fall for it if it looks suspicious.
Password change with the time change
Some companies are encouraging system-wide password changes twice a year when the time changes. Since this autumn’s “fall back” time change coincides with the election turmoil, you may want to consider changing all passwords this month and doing the same when everyone springs forward.
Changing passwords is like changing the locks on a door. It’s a hassle, but it does provide an easy, extra layer of protection.
Think of hacking like entering a sprawling cave system. A small, unguarded cave entrance just narrow enough to slide in on your stomach may not seem like much, but if that tunnel eventually connects to the central cave system, then the small cave is just as important as the big one. MSPs with clients that seem like they are in no way related to the election may want to do a deeper dive.
“I have one MSP that I consult for that has mainly industrial clients, and they were convinced they had no ties to the 2020 election but turns out one of their clients produced the rubber tips that are used on many election styluses. That company’s network was connected to another company that made parts to the voting machines, and those were connected to another part of the election ecosystem, and, presto, there is a vulnerability,” says Joe Kent, a consultant to MSPs in Philadelphia.
So, do an inventory of your clients’ clients and make preparations accordingly.
Financial services vulnerabilities
Whether you have clients in banking, loan servicing, mortgage servicing, or accounting, the election season provides unique opportunities for hackers. Chances are that emotions around the election will run high throughout November. There will be winners and losers and people wanting to take action, meaning that MSPs need to be extra alert.
“I can guarantee you that the financial service sector will attempt to be targeted by hackers in the aftermath of the election, no matter what happens,” adds Kent. “Hackers will feel like every business will be so distracted with either the election aftermath or a potential change in administration that they’ll exploit every opportunity to get passwords, find a weak point with brute force, or deploy ransomware. Where there is money, there is an opportunity.”
Emotions will run high around #Election2020. There will be winners and losers and people wanting to take action, meaning that #MSPs need to be extra alert. #cybersecurity
MSPs are often the only defense between vulnerable businesses and cybercriminals. The election will test all systems, including your client’s. MSPs always need to be alert but perhaps more so in the weeks ahead.
“The best, most effective weapon MSPs can deploy this November is vigilance,” Kent advises.
Photo: Prostock-studio / Shutterstock