Are you aware of the new “jobs program” targeting veterans? If hiring veterans, know about this malware threat. Protect your employees and the company.
Special alert for anyone hiring veterans! In a move that reminds us just how despicable cybercriminals can be, thieves have begun directly targeting those who put their lives on the line to keep us safe. They do so through fake job programs for veterans. Once someone takes the bait, these criminals install malware on the victim’s computer. This malicious program gives the perpetrator access. Once access is achieved, they have the power to re-direct the veteran’s actions, steal financial information, steal passwords and more.
This move hits too close to home if you or someone close is a veteran. But as an employer hiring veterans, you need to know about this threat and how it may impact you.
Marius Nel, CEO of Atlanta IT support company 360 Smart Networks hires US military veteran for roles in business IT shares some of his concerns.
What We Know About How the Malware Targets Veterans
According to current Department of Labor data, an estimated four percent of veterans are still unemployed despite a strong job market. Although highly skilled, many have physical or mental barriers acquired during their tours of duty. These may prevent them from working in their field.
Real veteran jobs programs like Google Careers, for example, connect veterans with employers who recognize the challenges but also the tremendous benefits of hiring veterans like valuable work skills, self-discipline, ability to work under pressure and working well with a team.
But now, the technology company Cisco Talos Group has found a website called Hire Military Heroes. This site offers to connect veterans with job opportunities. Once on the site, they’re prompted to download a file to update their operating systems or browsers in order to access the information. The group behind this attack is believed to be an entity that calls itself “Tortoiseshell”.
But a Larger Threat Exists
While this threat may seem straightforward and preventable with a little education, as employers we must be aware that attackers constantly change up their strategies. Not unlike you, they optimize them to maximize financial gain.
Blake Schwank, a US military veteran and CEO of Colorado Computer Support says “Today the site may be called, “Hire Military Heroes”. Tomorrow, something else.”
There are many ways that this attacker could use this ploy to gain access to the computer of a veteran or any other group. Criminals often follow popular programs, government assistance programs and the like to design their attacks, hurting the most vulnerable in the process. They pretend to be trusted companies like Microsoft.
And we’re not just talking about the veteran’s home computer. Many employees look at personal websites on work computers. This could expose the entire network to malware that could either steal sensitive data or encrypt it so you can’t access it.
But fortunately, there are ways to protect yourself.
How Employers Can Protect Themselves
It’s important to deploy a comprehensive strategy that includes things like:
- Employee education – Conduct at least an annual training on data security, including not only security protocols but also the sneaky ways that criminals try to get employees to break security rules. Encourage employees to come forward immediately if they believe they’ve been compromised. They will be embarrassed. You don’t want embarrassment to slow your ability to get an infected computer off the network as fast as possible. So be understanding. Cybercriminals are professional thieves who know how to lower your guard.
- Invest in secure backup – Back up important customer and company data on a trusted business cloud service.
- Keep your malware protection updated – Small and medium businesses are often targeted because they “can’t afford” proper virus protection and firewall. Explore your options. Weigh the risks. You can’t afford not to protect yourself.
- Centralize data – Keep data securely housed on a server behind a firewall and use a remote desktop strategy that allows employees to access data, but they can’t download anything onto their computers.
- Use tiered access – Limit employee access on a need to know basis
- Monitor, monitor, monitor – Monitor how quickly employees install system updates from trusted sources like Microsoft. Monitor how security protocols are being followed. Monitor for the presence of malicious software and act fast to quarantine it.
A managed IT company can help you effectively manage these risks to keep your veterans, all employees and your company safer.
Stuart Crawford serves as Creative Director and CEO with Sebring, FL and Fort Erie, ON-based Ulistic, a specialty MSP Marketing firm focused on information technology marketing and business development. He brings a wealth of knowledge and experience pertaining to how technology business owners and IT firms can use marketing as a vehicle to obtain success.
Share
Contributors
