Since the beginning of 2020, many organizations have been forced to transition to remote working. In fact, 66 percent of US employees are now working remotely as a direct result of COVID-19, according to the Clutch 2020 Remote Work Survey.
For many, this is their first experience with working from home and their first exposure to phishing scams without the security of the office network. Cybercriminals see the rapid shift to remote work as a great opportunity to obtain access to sensitive information, extort money from victims, and cause chaos.
Organizations that want to thrive in this new environment must quickly learn how to defend remote employees against all types of phishing scams.
Types of Phishing Scams
Phishing may seem like an old threat, and it is. But even though the term “phishing” was first used and recorded on January 2, 1996, phishing attacks are still the number one attack method behind data breaches, according to the 2019 Verizon Data Breach Investigations Report.
What some organizations don’t realize is that cybercriminals have come a long way since the days of Nigerian princes asking for bank account details in broken English. Here are the most common phishing attacks employees are likely to encounter when working from home:
- Email phishing: Email is still the tool of choice of phishers because it allows them to quickly and cost-effectively target many potential victims. Regardless of how convincing they are, the goal of phishing emails is always the same: to trick the victim into taking an action that’s against their best interest, typically resulting in the disclosure of sensitive information or the spread of malware.
- Spear phishing: The main thing that separates this type of phishing from regular phishing is the amount of research it involves. Spear phishers spend days and even weeks gathering information about their victims to craft extremely convincing email messages that seem to have originated from a trustworthy source.
- Whaling: When a spear phishing attack targets upper management, then cybersecurity experts describe it as whaling. Because such attacks have the potential to yield enormous results, they are planned well in advance and coordinated with other attacks.
- Vishing and smishing: Phishing doesn’t always happen over email. Vishing attacks attempt to lure victims into disclosing sensitive information, such as a password or someone’s birthday, over the phone. Smishing attacks do the same but use SMS messages instead.
- Angler phishing: This relatively recent type of phishing takes advantage of social media by creating bogus customer service accounts on sites like Twitter and Facebook. In many cases, all that attackers have to do to obtain sensitive information is wait and let unsuspecting social media users come to them.
There has been a steady increase in the number of COVID-19-related spear-phishing attacks since January 2020, according to data from Barracuda Networks. Attackers are unlikely to slow down in the foreseeable future now that the much-feared second wave of coronavirus is hitting countries around the world.
How to Protect Your Business Against Phishing Scams
Ensuring effective protection against all common types of phishing scams requires a multi-layered approach to security.
Educate Remote Employees About Phishing Scams
Employee education is always the most effective protection against phishing scams. Remote employees need to be trained on how to recognize phishing attempts by keeping an eye out for common phishing signs, such as spelling and grammar mistakes, suspicious sender addresses, urgent calls to action, attachments, and links to third-party websites, just to give a few examples.
It’s important to encourage remote employees to verify all suspicious requests over the phone or using some other communication channel besides email. To reinforce what employees have learned, it’s a good idea to create mock phishing drills that simulate real-world attacks and give employees a valuable opportunity to realize their own mistakes.
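The warning signs listed above can also be checked mechanically when a reported message is triaged. The following is an added example, not part of the original article: it parses one raw message with Python's standard library and flags a Reply-To mismatch, risky attachments, urgent wording, and links that lead outside the company domain. The company domain `example.com`, the sign names, the keyword list, and the extension list are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
# Constructed sample, not a real message; example.com is the assumed company domain.
SAMPLE = """\
From: "IT Helpdesk" <helpdesk@examp1e-support.test>
Reply-To: collect@mailbox.test
Subject: URGENT: password expires today
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Act now: <a href="http://login.example.com.verify.test/r">https://login.example.com/r</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

--b1--
"""
URGENCY = re.compile(r"\b(urgent|immediately|act now|suspended|expires? today)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
RISKY_EXT = (".exe", ".js", ".scr", ".vbs", ".iso", ".docm", ".xlsm")

def host(url):
    return (urlparse(url.strip()).hostname or "").lower()

def phishing_signs(raw, company_domain="example.com"):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg, signs, body = message_from_string(raw), [], ""
    sender, reply = (parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
                     for h in ("From", "Reply-To"))
    if reply and reply != sender:                 # replies are routed elsewhere
        signs.append("reply-to-mismatch")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):              # executable or macro-enabled file
            signs.append("risky-attachment")
        elif part.get_content_maintype() == "text":
            body += part.get_payload()            # encoded mail needs decode=True
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        signs.append("urgent-language")
    for href, text in LINK.findall(body):
        target, shown = host(href), (host(text) if "://" in text else "")
        if shown and shown != target:             # visible URL differs from target
            signs.append("link-text-mismatch")
        if target != company_domain and not target.endswith("." + company_domain):
            signs.append("third-party-link")      # suffix match, not substring
    return signs
```

Calling `phishing_signs(SAMPLE)` reports all five signs for the constructed message; the link check compares the host suffix, so a lookalike such as `login.example.com.verify.test` is not mistaken for the company domain.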
Use a Reliable Email Spam Filter
Even the most security-aware employees can make mistakes, especially when working from home, with kids, pets, and other distractions being in ample supply. A reliable spam filter can detect and catch phishing emails before employees have a chance to open them. Modern business email spam filters are highly configurable and offer many useful features that increase their effectiveness, such as logging and reporting, auto-whitelisting, or the ability to set independent policies for incoming and outgoing mail.
When choosing a spam filter for your organization, you should take into consideration the deployment options it offers, ease of use, spam detection rate, and affordability. The installation and management of the spam filter can be outsourced to a managed services provider.
Strengthen Employees’ Cybersecurity Posture
Remote workers don’t have the luxury of working behind a company firewall on a highly secure network that automatically blocks all potentially dangerous communication. But just because they have to rely on their home internet connection or a public WiFi network doesn’t mean they can’t take certain steps to strengthen their cybersecurity posture.
For example, remote employees can use a VPN, or virtual private network, to protect private traffic from snooping. They can also enable multi-factor authentication to prevent a data breach in the event of a password leak. Last but not least, they can proactively update their operating system, applications, and antivirus to fix critical vulnerabilities as soon as they are discovered.
Cybercriminals don’t hesitate to take advantage of any opportunity they get to steal sensitive information and use it for their personal gain. The recent shift to remote working has resulted in a substantial increase in the number of phishing attacks against organizations of all sizes and their remote employees. To avoid costly data breaches, organizations must ramp up their email security efforts and update their existing defenses for the era of remote working.
At Aligned Technology Solutions, we offer custom-made cybersecurity packages that include anti-malware software, usage approval, email protection, and identity recognition. We can monitor and maintain your data and IT infrastructure with a multi-layered cybersecurity strategy to protect you against all types of phishing scams. Contact us to protect your remote employees now.