Nonprofit organizations around the country have faced a sharp increase in cybercrime. Sensitive organizational data is at risk, making an understanding of these threats a critical part of risk management. A new threat emerged in 2020 in the wake of many organizations’ switch to remote work for employees and volunteers. Called “vishing”, this scam has the potential to wreak havoc on your operations.
What is Vishing?
Cyber criminals have long used a technique called “phishing” to gain access to business networks by sending employees emails asking for login credentials. The emails appear to come from official sources. Vishing (“voice phishing”), on the other hand, uses internet-based phone services to deceive unsuspecting individuals. Scammers will pose as an organizational manager, a bank executive, or some other person of authority. They may even fake Caller ID information to make the call appear legitimate. Then, they ask for personally identifying details such as account and Social Security numbers or passwords. With this information, criminals can open fraudulent accounts or drain the assets of a targeted organization.
Defending Against Vishing
A joint task force composed of the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory alert in 2020 to let employers know about vishing and what to do to protect sensitive data. Among the tips shared by the task force are:
- Restricting Virtual Private Network (VPN) connections to managed devices only; in other words, not allowing remote access to organization networks from employees’ personal computers or smartphones.
- Where personal computing devices must be used for VPN access, these devices must be configured with security certificates and software before use.
- Taking an active role in scanning network activity for unauthorized access or attempts to gain access.
- Monitoring web domains to spot the creation of, or changes to, domains that use the organization’s brand.
- Implementing two-factor authentication for computer network access and telephone communications. The task force recommends authenticating phone calls before any sensitive organization information is discussed or shared.
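The domain-monitoring tip above can be partly automated. The following Python is an added example, not part of the FBI/CISA advisory or this article's own material; the brand domain, the observed-domain list, and the look-alike character map are constructed, and it assumes you already have a feed of newly seen domains from your registrar or a monitoring service.

```python
# Added example. BRAND and OBSERVED are constructed samples, not real indicators.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def label(domain):
    """Second-level label, e.g. 'examplecharity' from 'www.examplecharity.org'.
    Assumes a single-label TLD (.org, .com); multi-part suffixes need a suffix list."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def normalize(name):
    """Fold common look-alike characters so 'examp1e' and 'example' compare equal."""
    return name.translate(HOMOGLYPHS).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, brand_domain, max_typos=2):
    """Return why candidate resembles brand_domain, or None if it does not."""
    candidate, brand_domain = candidate.lower().strip("."), brand_domain.lower()
    if candidate == brand_domain or candidate.endswith("." + brand_domain):
        return None  # the organization's own domain or one of its subdomains
    cand, brand = label(candidate), label(brand_domain)
    if cand == brand:
        return "same name under a different TLD"
    n_cand, n_brand = normalize(cand), normalize(brand)
    if n_cand == n_brand:
        return "look-alike characters"
    if n_brand in n_cand:
        return "brand name with added keyword"
    if edit_distance(n_cand, n_brand) <= max_typos:
        return "likely typo variant"
    return None

def scan(observed, brand_domain):
    """Map each suspicious domain to the reason it was flagged."""
    hits = {d: classify(d, brand_domain) for d in observed}
    return {d: why for d, why in hits.items() if why}

BRAND = "examplecharity.org"
OBSERVED = ["www.examplecharity.org", "examplecharity-vpn.com", "examp1echarity.org",
            "examplecharty.org", "examplecharity.net", "gardeningclub.org"]
FLAGGED = scan(OBSERVED, BRAND)
```

A flagged domain is a prompt for review, not proof of abuse; short brand names need a lower `max_typos` to avoid false positives.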
Most importantly, training employees is the key to preventing many cyber crimes. Engage employees and volunteers with training on topics like:
- Network security
- Safe computer security practices
- Phishing/vishing spoofs
- How to avoid being duped by a seemingly legitimate phone call or email
By conducting training, you are better able to protect your organization’s mission-critical data and assets. Cyber crime is not going away, and organizations must recognize these crimes’ potential for business interruption, data breaches, and negative financial ramifications.
Volunteers Insurance Service Association, Inc. (VIS) was established in 1972 for the purpose of providing insurance and risk management services for volunteer-based organizations. In addition to still providing these insurance services today on a nationwide scale, we have expanded to provide noninsurance resources for members to manage their risks and improve their operations. By transferring the volunteer risk exposure to our program, we can help you protect your organization. Contact us today at (800) 222-8920 for more information on our programs and services.