As organizations transition to the work-from-home environment, the risks of cyber fraud grow even more acute. Fraudsters are seeking to exploit remote workforces to gain access to valuable confidential and personally identifiable information, using timely phishing and man-in-the-middle scams as well as standard firewall and perimeter penetration. Consider taking these basic steps to protect your organization from cybercriminals.
Remember that many cybercrimes are accomplished through the use of email. Common email cybercrimes include phishing scams, corrupted attachments and attempts by bad actors to obtain personal or financial information or misdirect money or other items of value. Many hackers are capitalizing on coronavirus fears to obtain remote system access, such as through phishing scams that encourage recipients to click on links to purchase masks or hand sanitizer or to connect to helpful coronavirus information from reputable organizations like the Centers for Disease Control and Prevention or the World Health Organization. Fraudsters are even impersonating state and local Department of Health workers and cold-calling homes, purporting to set up Coronavirus tests in an effort to solicit personal and protected health and identifying information.
To guard against these scams, encourage the use of good email cyber hygiene habits, including:
Be alert to man-in-the-middle fraudsters seeking to exploit the remote work environment. Man-in-the-middle attacks occur when a perpetrator positions herself in a conversation between two email users to impersonate one of the parties, making it appear as if a normal exchange of information is underway. For example, a perpetrator might use a slightly different email address — e.g., CEO@compaany.com rather than CEO@company.com — to cause the person receiving the email (the victim) to send funds to an account controlled by the perpetrator rather than to the company’s account.
Ways to spot and stop man-in-the-middle attacks — whether they are purporting to send money to a new or old vendor — include:
Be aware of the unique security concerns presented by devices with listening capability or voice activation. Advise employees to mute or shut off listening devices like Amazon Echo, Nest cameras, and Amazon’s Alexa or Google’s voice assistant when discussing confidential matters. These kinds of devices present a myriad of security issues:
Take into account cybersecurity and data privacy issues when determining whether and how to rely on vendors or other third parties to manage the new burdens imposed by the work-from-home environment. Consider, for example:
Make sure all devices have secure passwords. Experts advise that passwords be at least 12 digits in length, with symbols, numbers, letters and varying use of capitalization — e.g., Pe@nut$_&_cr@ckerj@ck$.
Overall heightened vigilance, frequent reminders of good cyber hygiene and related company policies, and good common sense will serve your company well.