There are a number of factors that make this new “stay at home” environment a particularly vulnerable one when it comes to cybersecurity.
One of those factors is that thousands of people in the Greater Houston area and throughout the country are working from home for the first time. This is the result of companies trying to reduce the spread of the coronavirus.
Home networks are not generally as secure as business networks but are now handling all the same types of sensitive data. Home workers also might be cut off from the types of IT security backstops that they have at their office.
Another factor is that cybercriminals are taking advantage of the pandemic. They sent out thousands more phishing campaigns in March alone, many of them using COVID-19 related themes.
In less than a month, phishing attacks rose 667% due to the coronavirus outbreak.
One more danger factor is that many companies that have managed IT services at their office haven’t expanded their protections to cover remote workers. As a result, their data is at risk, with varying levels of security being applied personally by employees.
Phishing safety awareness is vital to ensuring your business doesn’t end up with a data breach at any time, but especially now as phishing attacks continue to skyrocket.
Teaching Best Practices for Phishing Awareness
Phishing attacks come in all forms and employ sophisticated tactics like auto-filling the person’s name or company name in the message. The pandemic has launched a whole new slew of tactics designed to get users to take action.
That action generally takes one of the following forms:
- Clicking a link to a site that downloads malware onto the user’s device
- Clicking a link to a spoofed login form designed to steal credentials
- Clicking a link to a spoofed form that steals sensitive info (like SSNs)
- Opening a malware-laden file attachment that infects the user’s device
Phishing emails or text messages with a URL are particularly dangerous. Users tend to trust these more than file attachments. They can also get by the more basic antivirus programs because the email doesn’t contain the malware itself.
Malicious URLs are used in approximately 85% of phishing emails.
Here are the tactics you should employ to educate your employees and help prevent a data breach or malware infection.
Make Users Aware of the Newest Phishing Campaigns
Phishing awareness training from last year didn’t include examples of COVID-19 phishing scams because they hadn’t been created yet. This pandemic is an example of why employees need ongoing cybersecurity training. Without that regular training, they’re going to be looking for older attacks, not newer ones.
Some of the newest COVID-19 related phishing scams are:
- Email from the “HR Department” telling employees to read a new company communicable disease policy
- Email that purports to be from the CDC or WHO providing a map of “outbreak areas in your city”
- Email that gives a link to “safety measures” to take to protect against COVID-19
- Email from the user’s company’s “new I.T. partner” explaining that they are deactivating emails and that the recipient needs to take action to prevent theirs from being turned off
- Many different types of emails offering personal protective equipment, fake cures, or fake vaccines
Teach Phishing Reveal Tricks
Phishing reveal tricks are those actions a person can take when they receive a questionable email that will help them identify whether or not it’s legitimate.
These reveal tricks include:
- Hovering over links without clicking them to show the true URL
- Viewing the header source of a message to see the real sender’s email address
- Looking for any grammatical or spelling errors (no matter how small)
- Double-checking email domains to see if they are slightly different versions of a legitimate one (e.g., CDC-gov.net instead of the real CDC.gov)
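The hover and domain-check tricks above can also be run automatically on a message an employee forwards to IT. This is an added example, not part of the original article; the trusted-domain list and the sample HTML are constructed assumptions, and the matching is a heuristic.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the reader genuinely expects mail from.
TRUSTED = {"cdc.gov", "who.int"}
HOSTLIKE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs: what hovering over each link reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def squash(name):
    """Drop punctuation so cdc-gov.net and cdc.gov can be compared."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def check_link(href, text):
    """Return findings for one link; an empty list means nothing was flagged."""
    real = (urlsplit(href).hostname or "").lower()
    if any(real == d or real.endswith("." + d) for d in TRUSTED):
        return []
    # Hover check: the visible text names one host, the link goes to another.
    shown = HOSTLIKE.search(text.lower())
    findings = ["text-mismatch:" + shown.group(0)] if shown and shown.group(0) != real else []
    # Lookalike check: a trusted name appears in the host once punctuation is ignored.
    findings += ["lookalike:" + d for d in sorted(TRUSTED) if squash(d) in squash(real)]
    return findings

def scan(html):
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text) for href, text in collector.links}

# Constructed sample body modelled on the "outbreak areas" lure described earlier.
SAMPLE_HTML = """<p>Outbreak areas in your city:</p>
<a href="http://cdc-gov.net/map">https://www.cdc.gov/outbreak-map</a>
<a href="https://www.cdc.gov/coronavirus">CDC guidance</a>
<a href="http://example.test/safety">Safety measures</a>"""
```

Calling `scan(SAMPLE_HTML)` flags only the first link, both for the mismatch between its visible text and its target and for imitating cdc.gov.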
Give Employees Steps to Take
When employees are working at home, they can easily be confused about what to do if they think they’ve received a phishing email or have clicked on a phishing link.
You can’t assume they’ll follow the office protocol once they begin working remotely. They need to have a policy with steps to follow that covers them while telecommuting.
Tell employees what to do if they suspect a phishing message: for example, not to take any action, but instead to forward it to your IT team or IT provider.
Have them take the stance of being suspicious of all emails instead of naively trusting them. This change in mentality as they look through their inbox can help prevent them from being fooled as easily.
Give employees steps to take if they think they’ve accidentally clicked a phishing link, such as immediately notifying your IT provider for a virus scan.
Keep Remote Employees Protected with the Right Tools
The right anti-phishing and anti-malware tools can make all the difference in protecting your remote employees. Digital Crisis can help you ensure your at-home workers have the data breach safeguards they need.
Contact us today to schedule a consultation. Call 713-965-7200 or reach us online.