Security Week: Free Security Training, Steelcase Hack

National Tax Security Week

The IRS is using their Fifth Annual National Tax Security Awareness Week (November 30 to December 4) as a platform to remind businesses to be careful of an increase in phishing scams this year because of COVID. 

“With more taxpayers and tax preparers working remotely, identity thieves are trying to use COVID-19 to scare and scam people out of their identities or money, “said IRS Commissioner Chuck Rettig. “All of us must be on guard and use the strongest security measures we can.”

Phishing campaigns are where scammers try to trick users into clicking a link that might force download malware or tracking software. 

One way scammers try to trick users into clicking is with fake domains. Research by security software provider CheckPoint revealed last summer that in just the first three weeks of June alone, scammers registered over 1,700 domains similar to Zoom. (The correct link is https://zoom.us/, by the way.) 

It’s also not just Zoom. Bad actors mimic nearly any web-based service using fake emails. For instance, meet.google.com can become meetgoogle.com or googlemeetings.com. 

Free Training

Do you or your staff need free training? 

Consider signing up for the IRS’ free events for the Tax Security Awareness Week here. The IRS provides information that covers how to protect personal and business information online, use multi-factor authentication, and protect against identity theft. 

For additional information, download the IRS PDF brochure on the event here: https://www.irs.gov/pub/irs-pdf/p4524.pdf

Steelcase Hit with Ransomware Attack

Steelcase, one of the nation’s largest office furniture manufacturers, was hit with a crippling ransomware attack that closed their operations for over two weeks last month. 

Steelcase Logo

According to a filing with the Securities and Exchange Commission (SEC), Steelcase disclosed they were victims of a ransomware attack on October 22, 2020. The attackers used a version of ransomware called Ryuk, which targets larger, enterprise software systems. 

The attacking software was able to penetrate the company’s systems quickly and shut down much of its operations for two weeks. The company had a cybersecurity infrastructure that they quickly implemented to shut down the affected systems; however, the software still cost the company millions in downtown and IT related costs. 

Steelcase has over 13,000 employees, 800 distributors and earns revenue of about $3.7 billion annually. 

The company was already struggling financially due to COVID related disruptions and costs. 

“The disruption of IT and operational services, as well as manufacturing downtime and shipment delays, translates to even greater revenue losses,” said Andrea Carcano, co-founder of IT/OT security provider Nozomi Networks in the magazine Industry Week. “In this case, it appears the Ryuk attack caused a two-week shutdown of most of Steelcase’s global order management, manufacturing and distribution systems, pushing revenues into the fourth quarter.”