We’re several weeks into our new work-from-home environment. For many workers and businesses, working remotely is commonplace. Yet most businesses are now supporting a far greater percentage of the workforce working from home (WFH) than ever before. The shift to WFH, accompanied by a broader set of dramatic workforce changes, has opened a new opportunity for bad actors to exploit a key cybersecurity vulnerability: phishing your people.
Same as it ever was: People are your soft target
Phishing attacks remain a key threat, only now bad actors are using the current whirlwind of terminology and change to their advantage. Our WFH workforce is rapidly adapting to new technologies, new applications, and new policies. This creates a huge level of uncertainty that is ripe for exploitation. Cyber criminals are using all the new terminology in their rapidly evolving and sophisticated phishing attacks.
Targeting the uncertainty around new technology and applications, phishing expeditions offer help with setting up your work-from-home access or accessing your Zoom meetings.
Similarly, they are camouflaging their phishing behind “Covid Bait”, including posing as the CDC or WHO, or local health agencies.
And now, with new government economic relief packages emerging, they are promising to help with securing financing, aid funding, and finding employment.
People have always been among our biggest vulnerabilities in securing our critical IT infrastructure. The prescription for keeping your organization safe is the same as ever, but it needs to be refreshed and updated for the current environment.
Audit, Plans and Policies, Processes and Technology
- Audit to determine your vulnerabilities
- Develop plans and policies to address the vulnerabilities
- Deploy processes and technology to support the policies
For the latest wave of phishing attacks, that means reminding your employees of your policies. If you don’t have policies, develop them. Be sure employees are aware of, and cautious about, the new attacks cloaked in today’s terminology. Don’t click on a link or an attachment from any unknown source. Verify the source, and ask for help if anything looks suspicious. Report suspicious email based on your company policies.
Few of us anticipated that a global pandemic would result in a huge percentage of the workforce working from home and become a potential threat to our business continuity. Now that the pandemic has triggered our business continuity plan, be sure to capture the lessons learned and document them in your security and business resilience plans.
Need help with any aspect of your information and data security audits and plans? Let us know.