CYBER SECURITY: WHY REMOTE WORKING IS MAKING PHISHING WORSE
The pandemic changed how organizations conducted their business. It forced most organizations to send their employees home to work. Remote working became an overnight requirement.
The reality, however, is that few organizations are prepared for large-scale remote work. It has created challenges for many small and medium-sized companies.
Before the pandemic, some companies were strict about remote working norms, especially when accessing confidential data. When COVID hit the globe, companies had to suddenly rethink priorities and up their capabilities to support work from home. Unfortunately, cybersecurity was not a key priority when organizations had to roll out remote working policies. Which means they were not sufficiently prepared for the upsurge in sophisticated cyberattacks.
If we were to go by the recent polls and surveys, hybrid work culture is here to stay. The increase in remote working calls for a greater focus on cybersecurity. Cyber-attackers see the pandemic as an opportunity to step up their criminal activities by exploiting the vulnerability of employees working from home and capitalizing on people’s strong interest in coronavirus-related news. These campaigns target employee or business financial assets. They attempt to solicit account credentials or release malware (including ransomware) onto enterprise networks. A survey by Deloitte reported that 47% of individuals fall for a phishing scam while working at home.
WHAT IS PHISHING?
Phishing is a social engineering attack that uses spoofed emails to get unsuspecting people to share their sensitive personal and financial information. Generally, phishing email scams will look like they have come from a company’s CEO or another high-ranking staff member and ask you to urgently provide your username, password, or other personal information. Once you have clicked on the link in the email, it will ask you to provide more details about yourself. This is especially true if what looks like a familiar website pops up — for example, an account login page that looks like it belongs to your bank.
Cybercriminals recognize that the data security measures currently in place are ‘not fit for purpose’ or sufficiently robust to prevent them from making successful cyberattacks.
Even before the pandemic, human error was already considered a significant cause behind cybersecurity issues as employees would unknowingly or recklessly give access to the wrong people. With remote working, the problem is even more critical. When they work from home, employees may be interrupted in the work they are doing by family members or social visitors. These distractions can make individuals more careless.
Organizations must ensure their IT systems adapt to these changes in working practices and increase human error.
HOW TO DEAL WITH PHISHING
Protecting against cyberattacks has become an even more daunting task for organizations, as work from home means having multiple workers sign on to their network via potentially unsecured home Wi-Fi connections.
That doesn’t mean organizations cannot ensure security from home or achieve a balance between enabling remote working and data privacy. Many organizations are experiencing pressure on the IT team as they work towards enabling remote work strategies. With limited time and resource availability, your in-house IT team can only resolve a certain number of issues and queries on a particular day. Most times, critical tasks, including cybersecurity, take a backseat in tackling everyday priorities.
A 24-hour IT Help Desk will ensure employees get support at the time of need, ensure no query is left unaddressed, and free up the time of your IT team to focus on business goals.
There are a few steps that can help prevent phishing attacks:
- Conduct email security training frequently. Organizations must ensure that people are adequately informed about online risks.
Teach employees how to identify a phishing email and inform them of new trends.
- Use trusted antivirus software and routinely update it.
- Encrypt sensitive information.
- Designate and secure specific remote work devices.
- Employ user and two-way authentication.
- Set up a VPN.
Phishing scams are increasingly becoming more and more popular. But these are now more sophisticated than ever, which makes them harder to spot. If you are getting any emails that look suspicious, contact the company directly and ask for proof of identity before taking any steps