Amid the COVID-19 pandemic, many companies and employees have transitioned to a remote working environment. While this process has gone smoothly for many companies, everyone involved must also understand that hackers have been ramping up their efforts in an attempt to snare employees working from home, as the security measures are often a bit more lax in this scenario.
Many hackers understand that home-based workers may let their guard down a bit in this environment, making them more susceptible to clicking on links without fully vetting the source first. And not only are they taking advantage of the situation, but hackers are also taking advantage of the emotional state of many of those who are struggling to get through the pandemic. People are desperate for information and updates on the COVID-19 situation, and in their desperation, they may be lured into false messages promising this information.
Hackers are taking full advantage of these feelings, and in many instances, they are successful. Gmail alone has reported finding over 18 million malware and phishing emails daily related to COVID-19 on top of 240 million daily COVID-19 spam messages. Some of the more common phishing campaigns related to COVID-19 contain the following elements:
- Fake notices from health organizations at the federal or state level.
- False updates from employers regarding policies or procedures that address security risks in a remote working environment.
- Messages alleging to contain information about protecting yourself and your family from COVID-19.
- Fake charities soliciting funds for alleged victims of the virus.
- Phony websites with false virus data.
- False messages regarding economic relief, grant opportunities, debt relief, and stimulus payments for those being financially impacted.
It is clear that their attacks are at full force and can put many vulnerable and unsuspecting employees and companies at risk.
Fortunately, there are some strategies that can help keep your employees alert so that they do not fall victim to phishing scams. There are some recommended actions you can take to ensure that your employees remain vigilant about spotting phishing attempts. Ensuring this often requires the following steps:
- Security Training – Ensure that employees receive regular phishing and hacking awareness training. A one-off training course is not enough but should be repeated periodically. Further, the training should be updated to capture any evolving strategies that hackers may adopt as working situations continue to evolve. Training should focus on helping employees to spot:
- Email addresses and links that are suspicious. Even email that appears to be internal can be detected by hovering over the name until it shows the actual email address. The same method can identify the true website for suspicious links.
- Spelling and grammatical errors that are common in phishing emails.
- Those that call for immediate action, often falsely claiming urgency.
- Requests for donations to fake charities.
- Information about vaccines or other medical assistance that isn’t currently available.
- Quizzing – Any security training on phishing should contain quizzing as a follow-up to ensure that employees fully understand the concepts and risks identified in the course.
- Periodic Follow-Up – Regular follow-up is also essential to ensure employees understand new and emerging threats and to emphasize the need for continuous vigilance against suspected threats.
Prior to COVID-19, Sagacent Technologies, as well as many other industry leaders and experts, had recommended that employees receive formal in-person training in groups, conducted at their place of employment, either bi-annually or quarterly. However, the increased risks that have been presented by the pandemic as well as the shift in working conditions to remote formats makes a virtual training format more desirable. One key advantage of virtual training is that they can be delivered to groups or individually at any time interval, making it possible to have more training should your company be at an increased risk.
Today, Sagacent delivers these training sessions via short, easy-to-understand, and visually engaging videos, followed by a quick quiz to verify each employee’s retention of the training content. Sagacent also offers phishing simulation emails to track which employees might need a little more help. The training, combined with the simulation emails, can significantly reduce a business’ risk of falling victim to phishing attacks throughout the pandemic and in the future.
If you need help getting your employees trained on security best practices, call at 408-248-9800, or email us at firstname.lastname@example.org.
Sagacent Technologies offers premium IT services, delivered in an unlimited, all-you-can-eat manner, at a fixed monthly fee, all specifically designed & performed to significantly reduce the IT business risks of: Data Loss, Security Breaches, Business Interruptions, and Compliance failures.
Sagacent Technologies • 408-248-9800 • email@example.com • www.sagacent.wpengine.com