You can’t avoid them by social distancing. You can’t kill them with disinfectant wipes. You can’t even see them under a microscope. They’re the cybersecurity threats spawned by malicious hackers taking advantage of the COVID-19 pandemic.
Cyber criminals have long used major news events as prime opportunities to take advantage of society’s collective fear and need for critical information. While it is a necessity under current conditions, and likely to remain a necessity in both the short and long-term future, the work from home dynamic creates a very opportunistic situation for hackers and phishers. The U.S. Department of Homeland Security has addressed the significant rise in coronavirus-related phishing attacks.
The combination of companies rushing to get employees connected, traditional office workers now working remotely, and businesses not properly protecting themselves with a complete Work-From-Home (WFH) solution has left workers (and their data) more vulnerable than ever.
Here are some recommendations for those of you wondering ‘how can I protect myself, my organization, and my customers from cyber attacks’:
Build a Complete Work From Home Deployment
The urgency to work remotely has caused many decision makers to pull the trigger on “quick fix” partial solutions that enable rapid remote work. Often, an initial work from home setup lacks critical components that leave gaps in connectivity, security, or the physical environment itself. A full work from home solution is comprised of multiple pieces – mobile threat defense, unified endpoint management, email security, multi-factor authentication, identity and access management, and secure VPN. Help your customers consider these areas by asking what their current WFH deployment looks like, and helping them identify the missing pieces. Having these technologies in place lays a solid foundation for securing an entire company, it’s data, and that of it’s employees.
Lookout for Scam Emails
Coronavirus-themed phishing emails can take many different forms. Cybercriminals are sending emails designed to look like health advice notifications, workplace policy announcements, and even stimulus check confirmations. During this period, people should take extra care. Encourage your customers to stay alert. Something all your customers can do is to add a header banner alerting the recipient that the email came from outside of their organization. Of course, if you are managing their email services for them, you should do this on their behalf. Here’s a link to a simple process that works with Office 365. Online consumers can stop cybercrime before it happens by checking the email sender’s address and attached links without opening them. Avoid all requests for money transfers or sensitive information without talking to the person to verify it. Be on the lookout for spelling errors, generic greeting like “Good Afternoon Sir,” and urgent requests.
Keep Work Data on Work Computers
It can be tempting to use your personal computer for work while you’re home, but this is a risk for both you and your employer. Most likely, your organization has an efficient IT team that’s installing regular updates, running antivirus scans, and blocking malicious sites. It’s uncommon for these same protocols to be followed when using your personal computer and unfortunately common for a loved one or a child to accidentally open or click on a link that they should not have clicked on. For example, if malicious codeforce-installs a key-logging software on your unsecure computer, a hacker can easily obtain passwords to your company’s most sensitive business systems. So, when talking to your customers, be sure to ask them what their physical desktop setup is from home, emphasize the importance of utilizing work computers in place of personal ones, and offer them guidance on the desktop accessories that can help increase productivity. Moreover, a dedicated LTE Connection for an employee’s work computer can help eliminate potential threats from network attacks. If a home network were to be compromised, having a dedicated LTE connection on the work computer would complete mitigate the threat to any corporate data.
As the latest news about COVID-19 evolves, so does the threat of phishing attacks that exploit it. Companies seeking to protect themselves should consider these recommendations to help better spot scams as well as advance phishing defenses that could minimize the number of attacks making their way to inboxes. To take next steps on deploying solutions that can help your customers protect against phishing attacks, reach out to 3Eye.
The world is a strange place right now. Solution providers and their customers are being forced to change their behavior. The coronavirus is altering the way we engage with customers, putting a stop to traditional forms of marketing like tradeshows and customer visits. Buyers were already trending toward digital media as their preferred route of communication when making a purchase, but now they have no alternative. Even for us in the IT channel, who live in the digital domain, this is a great challenge.
As the normalcy of working from home settles in day by day, solution providers must attempt to strike the right chord with their customers if they choose to venture into digital marketing in a quarantined world. I am sure everyone has received their fair share of cringeworthy, tone-deaf emails throughout the last few months. I have also seen creative, unique promotions that genuinely entertained me or helped me solve a problem that otherwise would have been ignored. The channel can be a difficult medium to navigate digitally as a marketer in general, but now it is more complicated than ever. Here are some tips on what to do (and not do) when marketing during the coronavirus outbreak:
1. Do: Be helpful and supportive
The best thing a solution provider can do right now is provide something of substance to help their customers who are in need. This could come in many forms: identifying which of your vendors offer extended no-cost licensing during this crisis, providing critical solutions that are essential to healthcare institutions or improve one’s ability to work from home, or just being educational and informative when messaging to customers. Make sure you first identify what your company innately can do to help, then allow that answer to influence your tone and overall digital presence.
2. Do Not: SELL! SELL! SELL!
Now is not the time for aggressive selling. Offers that ignore the present circumstances entirely and go straight to all-caps promotional offers come across as completely tone-deaf and inhumane. Customers are more likely to respond to a message that acknowledges the world we are all currently living in, as opposed to one that ignores it entirely to push a product.
3. Do: Build a sense of community
There is one thing that all of us have in common right now – our everyday lives are much different than they were two months ago. Solution providers have an opportunity to relate to customers by embracing our collective change. We can learn from consumer brands like NIKE and IKEA, they have been successful in creating a feeling of togetherness by acknowledging the circumstances and incorporating personality into the content they produce during quarantine. This is one area that the IT channel is uniquely positioned for. For many solution providers, there is no shortage of “partners” out there to work with – hardware and software vendors, distributors, and customers across a vast variety of industries. Lean on this network of channel partners for collaboration in videos or highlight specific individuals to give your promotions a more personal feel.
4. Do Not: Schedule ahead and forget
The easiest mistake to make when content planning is now more critical to avoid than ever before. With how rapidly things are changing, it is important for solution providers to be flexible and adapt to the environment around them. Content plans that were made pre-2020 must be altered and traditional activities must be replaced. Do not hesitate to make proactive changes – you may have allocated MDF and Co-Op from your top vendors to support tradeshows, tabletops or lunch & learns that have now been cancelled. Instead of losing those funds entirely, prepare creative ideas for reallocation – video podcasts, online happy-hours with giveaways, or product donations for front-line workers.
5. Do: Be different and (try to) entertain
Unique circumstances call for unique ideas. Standing out is rarely a bad thing when it comes to digital marketing. Knowing that the majority of customers are spending hours of every day at home on their phones, scrolling social media or checking email, it’s not a bad thing to try to give them something to smile at and pass the time. Finding the right mix between normal and fun could be the key to unlocking a new audience that could become customers in the long-term.
6. Do not: Be cliché
I have received countless versions of the “Our Response to the Coronavirus” email, and after the first two or three I just started deleting them one by one. They typically all have the same common characteristics: too corporate-sounding, too bleak or negative, too many buzzwords and not enough substance. Solution providers should not feel pressured into producing digital content unless they are confident and comfortable in the message they send. Be personable, thoughtful and avoid generic messaging – we’re all bored enough already.
Solution providers now have a unique opportunity to strengthen customer relationships through creativity. As time passes, digital marketing will play an important role in restoring normalcy to our everyday lives. There is not just one perfect way to do it, but by spending some extra time honing in on what you can do to help, entertain, or bring people together, you can still have an impactful presence in the lives of your quarantined customers.
Disruption. A word commonly used in the tech world that carries a positive connotation regarding the change in status quo. Fail Fast. An expression commonly used in the tech world that embraces failure as a guiding direction, allowing navigation towards success. Pivot. Yet another word commonly used to describe a change in business direction, usually followed by Fail Fast. The above-mentioned have been used for years to help encourage risk-taking and spur innovation but it’s been used as a directive from leadership in organizations that focus on such things. Now, globally, companies are being forced to do so without first having the opportunity to prepare themselves for such a journey. Disruption, in this case, is seemingly terrible. Even moreso, it’s nearly impossible to Fail Fast if you weren’t prepared and never planned for a secondary or even tertiary strategy. It just feels like failure. So, how do you pivot and in what direction do you do so?
Many companies are now struggling with a directive that forces employees to work remotely when there was not a cohesive plan in place to execute this and there are many items that need to be addressed before being able to do this well. How do your employees remote into a secure connection to transmit sensitive company data? Should everyone have the same access once they do remote in? What’s the best physical setup for an employee to work from home? How do you manage BYOD devices? What do you do about external threats? How do you protect company data? How do you protect against internal data exfiltration? This could all seem very daunting if you’ve never before looked into these topics but there are specific steps you can take to deliver a comprehensive and safe work from home solution.
According to the Information Technology Laboratory (ITL) and the National Institute of Standards and Technology (NIST), guidelines have already been established. And while the Guide to Enterprise Telework and Remote Access Security was created nearly a decade ago, these standards still hold true today. Any business can use this guidance as a roadmap to getting their workforce fully functioning while remotely deployed. This publication covers various topics of the remote working environments and remote access, such as VPN, Remote Desktop, Virtual Machines, Authentication, Access Control, Client Device Security, Data Encryption and a summary of recommendations per topic. Failing isn’t foreign to anyone or any company and it’s never a bad thing as long as we use it as a teaching moment, treating it like a tuition payment for future preparedness. Collectively, we can use our failures and misses to push us towards a picture of what success should be. Ultimately, if you’re certain of where you don’t want to be then you’ll have a better idea of where you want to end up.
