You can’t avoid them by social distancing. You can’t kill them with disinfectant wipes. You can’t even see them under a microscope. They’re the cybersecurity threats spawned by malicious hackers taking advantage of the COVID-19 pandemic.
Cyber criminals have long used major news events as prime opportunities to take advantage of society’s collective fear and need for critical information. While it is a necessity under current conditions, and likely to remain a necessity in both the short and long-term future, the work from home dynamic creates a very opportunistic situation for hackers and phishers. The U.S. Department of Homeland Security has addressed the significant rise in coronavirus-related phishing attacks.
The combination of companies rushing to get employees connected, traditional office workers now working remotely, and businesses not properly protecting themselves with a complete Work-From-Home (WFH) solution has left workers (and their data) more vulnerable than ever.
Here are some recommendations for those of you wondering ‘how can I protect myself, my organization, and my customers from cyber attacks’:
Build a Complete Work From Home Deployment
The urgency to work remotely has caused many decision makers to pull the trigger on “quick fix” partial solutions that enable rapid remote work. Often, an initial work from home setup lacks critical components that leave gaps in connectivity, security, or the physical environment itself. A full work from home solution is comprised of multiple pieces – mobile threat defense, unified endpoint management, email security, multi-factor authentication, identity and access management, and secure VPN. Help your customers consider these areas by asking what their current WFH deployment looks like, and helping them identify the missing pieces. Having these technologies in place lays a solid foundation for securing an entire company, it’s data, and that of it’s employees.
Lookout for Scam Emails
Coronavirus-themed phishing emails can take many different forms. Cybercriminals are sending emails designed to look like health advice notifications, workplace policy announcements, and even stimulus check confirmations. During this period, people should take extra care. Encourage your customers to stay alert. Something all your customers can do is to add a header banner alerting the recipient that the email came from outside of their organization. Of course, if you are managing their email services for them, you should do this on their behalf. Here’s a link to a simple process that works with Office 365. Online consumers can stop cybercrime before it happens by checking the email sender’s address and attached links without opening them. Avoid all requests for money transfers or sensitive information without talking to the person to verify it. Be on the lookout for spelling errors, generic greeting like “Good Afternoon Sir,” and urgent requests.
Keep Work Data on Work Computers
It can be tempting to use your personal computer for work while you’re home, but this is a risk for both you and your employer. Most likely, your organization has an efficient IT team that’s installing regular updates, running antivirus scans, and blocking malicious sites. It’s uncommon for these same protocols to be followed when using your personal computer and unfortunately common for a loved one or a child to accidentally open or click on a link that they should not have clicked on. For example, if malicious codeforce-installs a key-logging software on your unsecure computer, a hacker can easily obtain passwords to your company’s most sensitive business systems. So, when talking to your customers, be sure to ask them what their physical desktop setup is from home, emphasize the importance of utilizing work computers in place of personal ones, and offer them guidance on the desktop accessories that can help increase productivity. Moreover, a dedicated LTE Connection for an employee’s work computer can help eliminate potential threats from network attacks. If a home network were to be compromised, having a dedicated LTE connection on the work computer would complete mitigate the threat to any corporate data.
As the latest news about COVID-19 evolves, so does the threat of phishing attacks that exploit it. Companies seeking to protect themselves should consider these recommendations to help better spot scams as well as advance phishing defenses that could minimize the number of attacks making their way to inboxes. To take next steps on deploying solutions that can help your customers protect against phishing attacks, reach out to 3Eye.