By Marla Durben Hirsch, contributing writer
It’s hard enough for physicians to operate their practices. But in recent weeks it’s gotten tougher as small businesses are being specifically targeted by criminals.
There may be malware in your router.
The Federal Bureau of Investigation (FBI) released a warning on May 25 that foreign cyber actors had compromised hundreds of thousands of small office and home routers with malware known as VPNFilter. The malware can render the router inoperable. It can also collect information, exploit devices, cut off internet access and block network traffic.
The warning is related to a Department of Justice (DOJ) investigation of the cyberattacks. The DOJ obtained a court order on May 23 enabling the government to seize a domain that’s part of the malware’s command and control infrastructure. The infection will then be redirected to an FBI-controlled server, which can then capture information about the perpetrators and help identify victim devices.
The FBI recommends that the routers be rebooted to temporarily disrupt the malware and aid in the potential identification of infected devices. Note that the routers can still be reinfected after the reboot, so the FBI also suggests that router owners consider disabling remote management settings on devices, securing the routers with strong passwords and encryption when enabled, and updating to the latest available versions of router firmware.
Several router manufacturers have issued their own instructions to deal with this malware threat. For instance, Linksys provides a link to its latest firmware update and recommends that passwords be changed periodically. If an owner believes that his/her router has been infected, Linksys also recommends that the owner perform a factory reset of the router.
FTC: Watch out for scammers
So many small businesses have been taken advantage of by scam artists that the Federal Trade Commission (FTC) launched “Operation Main Street” with the Better Business Bureau and law enforcement on June 18. Operation Main Street will educate small business owners on how to recognize and prevent scams. The guidance lists some of the most common scams, such as:
- Imposters claiming to be from the government or the utility company
- Fake invoices
- Unordered office or other supplies
- Directory listing and advertising scams
- Tech support scams
- Offers to change online reviews
- Credit card processing scams
The FTC flags the tactics that scammers use, such as using untraceable payment methods like wire transfers; pretending to be someone trustworthy, perhaps from a company you may know; and creating a sense of urgency, so you make a quick decision before checking out the situation.
Some of the protections the FTC recommends small offices take include:
- Verify invoices
- Secure files, passwords and financial information
- Make sure that employees are familiar with the scams
- Don’t believe caller ID or email/web addresses
- Have a clear procedure for approving expenditures
The FTC also recommends that businesses report any attempted scams to the government.
To protect your practice as much as you can, follow the instructions in any relevant warnings.
And to make sure you’re on top of these warnings, sign up for email alerts from the United States Computer Emergency Readiness Team (US-CERT).