Don’t let phishing ruin the festive season: how to protect against attacks
You better watch out, you better not cry, you better not pout, we’re telling you why; cyber security is available to protect your business from online attacks.
We have come a long way since Home Alone warned us about the perils of criminal activity at Christmas time, with modern theft attempts now taking place in the digital world.
And, as employees have been working from home in their masses during the Covid-19 pandemic, there’s little risk of individuals needing to guard their house Kevin McCallister-style. Instead, businesses need to be extra vigilant over their online properties.
Eight months on from the pandemic being declared, remote working has been normalised. However, it has also presented an issue that companies must keep in mind: an increased risk of phishing attacks through the use of devices for both professional and personal activities.
Over this festive period, that’s even more of a consideration for leaders to be mindful of, with an influx of online deals and email marketing campaigns making their way to people ready for online Christmas shopping.
Here are four ways you can keep your business and employees safe from phishing attacks this festive period:
Do they know it’s CASB time?
Like Father Christmas’ sleigh on Christmas Eve, cloud adoption has soared during the pandemic to support remote working and the shift from fixed on-site networks. The ease of cloud applications in a remote working world, though, is a double-edged sword.
As cloud adoption has risen, cyber-attacks have too, growing by a staggering 50%, which demonstrates just how alert cyber criminals are to this ripe opportunity for online infiltration.
According to our research, 10% of security professionals claim that moving to the cloud has worsened company security, so it’s essential the right measures are in place.
First off, companies should conduct a risk assessment to calculate where any weaknesses may be. Plugging any security gaps is essential to keeping your company and employees safe.
The next step is to implement an overall, best-in-class cloud security solution that can cover any security pitfalls that might arise from these easy-to-use applications. A CASB solution works best here and can help a company detect, examine, protect and control user behaviour and engagement with cloud applications.
This support is the first step that should be taken for mobile workforce protection this festive season.
Jingle BEC rock
In addition to a rise in cloud usage, companies and their teams should be aware that the remote working boom has brought on an increase in phishing scams, such as Business Email Compromise (BEC). Email is, after all, still the lifeline of any business and so is a cyber-criminal’s number one port of call.
BEC attacks take the shape of emails that look legitimate and as if they’re from a trusted contact or organisation, but are, in fact, from a cyber-criminal that seeks to acquire either money, or sensitive information in hope of it leading to a payday.
In the three years leading up to summer of 2019, hackers secured $26bn through Business Email Compromise attacks, according to FBI estimates. This is as much a technology issue as it is a people one, so teams should regularly be brought up to speed on what to look for.
However, businesses should not rely on employees alone to manage cyber security.
Businesses need to bolster their security with a layered email security solution that includes tools such as algorithmic analysis to block phishing emails, and real-time link scanning to automatically identify and highlight malicious links before any unsuspecting team members have the chance to reach a malicious destination.
It’s the multi-factor authentication time of the year
With practically every aspect of working life revolving around logging in, multi-factor authentication (MFA) is a powerful tool to keep imposters out of user accounts, protect data and prevent onward attacks by infiltrators.
An adaptive MFA solution is able to recognise any out-of-character activity and only challenge the user then, to avoid excess friction.
For example, if a criminal is attempting to access your account from an unknown device, strange location or at a bizarre time, MFA can kick in and recognise immediately that something phishy is going on.
From there, the genuine account user will be notified and provided with another layer of security generated in real-time, such as a one-time passcode, to authenticate their identity, rather than just relying on the password, which the hacker may have captured or found on the dark web.
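The adaptive flow described above can be sketched as follows. This is an added example, not code from the article or from any product it refers to: the `Profile` fields, the sample user and the secret are constructed assumptions, and the one-time passcode follows RFC 6238 (TOTP).

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Profile:
    """Login history for one user (hypothetical fields for this example)."""
    known_devices: set = field(default_factory=set)
    usual_countries: set = field(default_factory=set)
    usual_hours: range = range(7, 20)  # hours (UTC here) of normal logins


def risk_signals(profile, device_id, country, when):
    """Return the out-of-character signals named in the text for one login."""
    signals = []
    if device_id not in profile.known_devices:
        signals.append("unknown_device")
    if country not in profile.usual_countries:
        signals.append("unusual_location")
    if when.hour not in profile.usual_hours:
        signals.append("unusual_time")
    return signals


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 one-time passcode (HMAC-SHA1) for the given time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def login(profile, secret, device_id, country, when, submitted_code=None):
    """Password already checked: return (decision, signals) for this attempt."""
    signals = risk_signals(profile, device_id, country, when)
    if not signals:
        return "allow", signals        # in character: no extra friction
    if submitted_code is None:
        return "challenge", signals    # ask for the one-time passcode
    expected = totp(secret, int(when.timestamp()))
    ok = hmac.compare_digest(expected, submitted_code)
    return ("allow" if ok else "deny"), signals


# Constructed sample data: one user's history, secret and a 03:00 login time.
ALICE = Profile({"laptop-01"}, {"GB"})
SECRET = b"constructed-demo-secret"
NIGHT = datetime(2020, 12, 1, 3, 0, tzinfo=timezone.utc)
```

A captured password alone gets the 03:00 attempt from an unknown device only as far as `"challenge"`; a production verifier would also accept the adjacent time step to tolerate clock drift.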
Our previous survey of 1,000 adults found 46% embark on questionable processes that run the risk of leaking company information. While visiting adult sites on work devices was one of the more eyebrow-raising findings, the fact that 22% of respondents have shared documentation over services like WhatsApp is also cause for concern.
With over two billion users globally and 65 billion messages sent daily, WhatsApp is a hive of sharing and communication. Its popularity and ubiquity have brought about a trend known as wishing (WhatsApp phishing), not too dissimilar from the BEC approach. The problem now is that employees are using their work devices for personal tasks – such as running WhatsApp on their web browser and using it for business conversations.
Cybercriminals will put in a seemingly official work-related request to a user, either for paperwork or transfer of funds, in an attempt to execute the attack. Facebook Messenger and other social apps running through the web browser also run the risk of being used as the stage for such performances.
By considering all of these elements, your organisation should be on the right track for a Merry Christmas rather than a scary phishmas.