Shocking statistics have been unveiled by Darktrace showing that the proportion of attacks on those working from home rose from 12% pre lockdown to 60% during lockdown. This is in part due to workers having to work from home using systems which are unfamiliar to them. The attacks range from preying on anxieties around coronavirus, malicious attempt to reset VPN accounts and fake chat on corporate messaging systems as well as phishing and spoofing scams.
The scammers look for ‘backdoors’ in networks which may be left open leaving the company highly vulnerable to these attacks.
Austen Clark, managing director of Clark Integrated Technologies has advice and practical tips to protect your business:
Employees are always your first, and best line of defence
The value of the human element in IT security can never be underestimated. Anyone that uses a PC, laptop, tablet or phone in connection with their work has a responsibility for security. Your workplace security culture should start at the beginning of an employee’s journey and should be a core part of the new staff induction checklist.
For an existing workforce, security can be promoted through training, regular updates at team meetings and by carrying out audits and making IT security part of working responsibilities.
To maintain a security conscious culture in the workplace, training courses are an excellent way to raise staff awareness of the type of threats and security issues affecting companies today.
Make Your Team Aware Of Different Cyber Attack Techniques
It’s not enough to tell staff to be vigilant – you need to give examples of the type of thing they need to look out for. During the lockdown we’ve seen emails purporting to be from government departments, HMRC and the WHO. These use official looking logos and can link to landing pages on malicious sites. These emails often have a time limit on them where you are urged to act quickly. Criminals prey on emotions making the recipient fearful or panic, or make the reader think they will miss out if they don’t act. Most importantly for lockdown and coronavirus, cyber attacks exploit current news and events.
The National Cyber Security Centre has excellent advice on suspicious emails which can be found here https://www.ncsc.gov.uk/guidance/suspicious-email-actions.
Develop a Team of Sceptics
It only takes one click on a suspicious email to lead to a totally compromised system. Encourage your team to be sceptical of emails from unknown people or individuals that they don’t expect to receive an email from and ensure they never click on these emails or attachments without checking with IT support. Tell them to check the email address which the email comes from – fraudsters often use a similar but incorrect spelling of the organisation they are pretending to be from. The quality of the language, grammar and spelling can also be an indication of a criminal attack.