A “novel” virus is one that has not been previously identified, according to the Centers for Disease Control and Prevention.[1]  In 2000, like the COVID-19 virus that was officially named on February 11, 2020, the ILOVEYOU virus became a global pandemic for data systems.  Within days, millions of computers were infected as the virus compromised files and caused widespread email outages.  The virus appeared in inboxes as fake messages with infected attachments:

Since then, scores of novel viruses have been deployed as destructive malware.  The ILOVEYOU virus, MyDoom worm, SOBig spam, and WannaCry ransomware alone are said to be responsible for $95 billion in financial damages.  As a result, anti-virus software has become a multi-billion-dollar, must-have computer program, and cybersecurity has become a multidisciplinary industry fighting an evolving threatscape.
Continue Reading Is Your Incident Response Plan Ready for Novel Computer Viruses?

Businesses are instituting widespread remote work policies and procedures to facilitate social distancing and “flatten the curve.” Enterprises simultaneously need to be mindful of increased data privacy and security risks. The risks can range from pandemic-related phishing emails to increased pressure on network architecture to well-intentioned employee shortcuts. Hackers will try to take advantage of

In late January, the U.S. Department of Health and Human Services’ Healthcare & Public Health Sector Coordinating Council issued a new cybersecurity guidance document for healthcare businesses of all sizes. The guidance document, entitled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” available at https://www.phe.gov/Preparedness/planning/405d/Pages/hic-practices.aspx, provides concrete and practical guidance for addressing what the Council has identified as the “most impactful threats . . . within the industry” and serves as a renewed call to action for implementation of appropriate cybersecurity practices. This document is critical reading for healthcare business managers faced with ever-increasing cybersecurity risks and the attending risks to patient safety and operational continuity, business reputation, financial stability, and regulatory compliance.
Continue Reading HHS Issues Practical New Cybersecurity Guidance for Healthcare Businesses of all Sizes

Until recently, hackers have had limited success stealing Two-Factor Authentication (2FA) PIN and token information.  Unfortunately, a tool has been released that will now make it much easier for practically any bad actor to bypass many implementations of 2FA:

https://www.zdnet.com/article/new-tool-automates-phishing-attacks-that-bypass-2fa/

This does not mean we should stop using Two-Factor Authentication (2FA). We should still use