As a significant number of employees are now working remotely, cyber criminals are hard at work devising new ways to infiltrate your networks and take advantage of unsuspecting targets.
Listed below are a few of the more prevalent methods being used to gain access and potentially disrupt your business, along with steps you can take to help stop them.
Signs of a social engineering attack may include:
- Urgency—Any message (email, phone call, text message) that communicates an overt sense of urgency. Attackers are trying to make you feel rushed so that you make a mistake.
- Ignoring security policies—Any message (email, phone call, text message) that pressures you into bypassing or ignoring security policies and procedures.
- Too good to be true—Any message (email, phone call, text message) that promotes cures, such as vaccines or medicine that will protect you. If it sounds too good to be true, it probably is.
Recent scams include:
- Safety measures turned malicious—This phishing attack impersonates a coronavirus specialist from the World Health Organization to trick victims into downloading a malicious file disguised as a safety document.
- Internal organization alert—This phishing attack takes a corporate approach by impersonating a company’s president to deliver an infected attachment disguised as tips to prevent infection.
- New cases in your area—This attack preys on the fears of coronavirus spreading near the victims’ location. Disguised as a CDC alert, this phishing email tricks victims into clicking a malicious link by offering an updated list of new cases of the virus documented near them.
- The donation scam—This phishing attack solicits donations to fight the spread of the coronavirus. The attack imitates a CDC emergency outreach email and asks victims to deposit money into a Bitcoin account.
- Fake product scam—Investment scams related to products claiming to prevent, detect or cure coronavirus.
- Technical support scams—This attack relies upon everyone working remotely. It starts with a phone call, web ad, or email that induces you to open a malicious attachment or connect to a remote support site to address a purported virus or other issue with your computer. When in doubt, independently verify the identity of anyone you are connected to. These scammers rely upon perceived authority and confidence to induce compromise.
Below are a few areas to focus on:
- Education—This should be at the top of your list. Make sure your employees know how to spot a potentially malicious attempt to scam them. They should not open any unfamiliar emails, click on unknown links, open or download unsolicited attachments, or provide personal information to anyone asking for it.
- Anti-virus software and firewalls—Make sure they are updated to the latest versions. Adding a managed services option ensures that your networks are continually monitored 24/7 for attempted breaches, including the latest virus strains. Once an attempted breach is detected, your provider will take action to block the breach and provide robust reporting on activities occurring on your website. A managed service provider will also automatically update your software as the latest versions and patches become available, taking the burden off your IT department.
- Secure access to your networks—Ensure that all employees are using a secure VPN to access the network. A VPN lets you increase the security of your web session, transmitted data, financial transactions and personal information online, no matter where you are. New solutions are available that do not require software downloads to employee devices and are flexible enough to add licenses and users as needed.
- Secure sign-in—Enforce 2-factor authentication on all your email accounts, and any other systems in which it is supported.