The new normal
The spread of COVID-19 has led to what many are referring to as the ‘new normal’. Employees all over the world are working from home, accessing company data and logging onto company platforms, often when not wholly set up to do so. With employees no longer in the perceived safe office environment, coupled with the constant demand for new information, our guard is naturally lowered and we’re more susceptible to clicking on suspicious emails. This has led to a huge increase in targeted phishing campaigns.
What is Phishing?
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity. Phishing is carried out over email, phone or text whilst pretending to be a trusted person or institution. It has been around since around 1995 and remains a huge problem today. Last year the cybersecurity company, Kaspersky, reported that there were 130 million phishing attacks in Q2 of 2019 alone. Another report, carried out by PWC, labelled phishing as the most common form of cyber-attack.
Why is it Happening Right Now?
Phishing is a constant threat and there are millions of phishing attacks every single day. However, due to the extraordinary circumstances created by COVID-19, there is a global awareness of people working from home. In the minds of cyber-criminals, this means that there are more vulnerable internet users than ever before. People are accessing company information from home while children are off school and causing distraction – cyber-criminals see this as a perfect opportunity to pounce. According to research firm Barracuda Networks, phishing emails have spiked by over 600% since the end of February. Many of these schemes include emails with COVID-19-related topics or reports.
How to Spot it and How to Stop it
Phishing is a simple yet effective form of cyber-attack. However, there are many ways to protect yourself against it.
When it comes to phishing attacks, the most vulnerable users are those that are unaware that it exists. Be wary of all unsolicited emails, texts and phone calls, especially those that require you to send personal information. If you receive a suspicious email, do not open or respond to it. If you have even the slight bit of suspicion, contact a a member of your IT team.
If you manage a team, it is up to you to spread this awareness. Educate your people on the concept of phishing and make sure they keep their guard up at all times. Microsoft 365 Enterprise has the capability to enable targeted test phishing campaigns. These campaigns are an effective way for companies to identify their vulnerability to a phishing attack and if training is required. It also helps to educate your team on the importance of practicing caution.
3. Be on Your Guard
Be sceptical of emails from trusted sources. This sounds counter-intuitive but it is vitally important. Phishing works because people trust the source and divulge personal information without giving it a second thought. Email is not the medium to send personal information. So be cautious of any requests to send personal or company data.
4. Multi-Factor Authentication
As an organisation, the best ways to protect against phishing is by implementing Advanced Threat Protection (ATP) and multi-factor authentication with conditional access. Multi-factor authentication requires more than one means of signing in. This could include a password and code sent to your phone. This extra layer of protection means that even if attackers manage to get your password, they won’t be able to get past the second line of defence. You can read more about multi-factor authentication in this blog post.
5. Don’t Mix Work with Pleasure
While remote working, do your best to separate your work life from your personal life. Whether you are at home or in the office, if you are in work-mode, only use work-related applications. Don’t be intermittently switching between your personal email, banking or social media accounts. Falling victim to a cyber-attack in one, could compromise you for all.
Check out the following security-related blog posts from ActionPoint.
For more information about IT Security from ActionPoint – click here.