Whether employees are at the office or working from their kitchen table, they’re susceptible to being on the receiving end of one of the most common social engineering tactics. Phishing is a scam where people are manipulated into providing credit card numbers or sensitive personal information (like login credentials) by a bad actor pretending to be a legitimate source (like a colleague, bank or even government institution).
This “wolf in sheep’s clothing” deceives the recipient into not only opening the message but also clicking on a link or opening a file that can compromise the security of their device and their personal or business information. This opens them up to unauthorized purchases, identity theft or the theft of sensitive or proprietary company information.
With many companies choosing to practice social distancing as a result of COVID-19, our work environments have changed to the comforts of home, and we’re relying on digital communication more than ever to stay connected with our colleagues. While working remotely, we need to be mindful that phishing scams still exist regardless of what our workspace looks like. In fact, cybercriminals may look to exploit these uncertain times and unfamiliar work environments. You and your employees can protect yourselves! Here’s how:
Arm your employees with phishing awareness and education
Make sure your team knows the warning signs of a phishing email: poor spelling and grammar, an implied sense of urgency to complete a task or provide information, a sender who appears to be someone in a position of authority, limited sender contact information, requests for money or personal information, and attachments or links.
They should also slow down and ask themselves if they were expecting this message – does it make sense that the person this message is supposedly from would be sending the message in the first place? If not, the message is likely worth investigating more thoroughly.
Use technology as a safety net
While no anti-virus software can be as effective as applied awareness and education, it’s a great backup!
Many email systems also offer basic security functionality, and can be further configured with additional features or services from third-party vendors.
Keep the lines of internal communication open
Encourage and provide a way for your staff to report suspicious emails.
It’s always better to report an email than to take a potentially devastating risk.
Engage the experts
There are many consulting organizations that focus exclusively on combatting the latest evolution of cyber threats and training their clients’ staff to do the same.
We strongly recommend researching and engaging these resources to learn best practices and implement them in your own organization. Proofpoint Inc. is a leader in email security and security awareness training. They have a variety of free tools to help you improve your end-user cybersecurity awareness, like this phishing identification infographic.
As you mobilize your workforce, we want you not only to stay home but also to stay safe in every respect.
By Daniel Dallmann
Team Leader, Information Security at Payworks