Stay at home mandates, remote workforces, and heightened pandemic fears changed our live-work realities. They also presented an opportunity for cybercriminals to prey on our anxiety and target work-from-home employees using phishing schemes. The escalation in phishing attacks places the personal identity credentials and business networks at increased risk. That’s largely because hackers have adopted email phishing attacks as the preferred criminal method to trick an unsuspecting public.
According to reports, the FBI fielded more than 20,000 COVID-19 threats and the United Nations saw an increase in phishing email attacks that topped 600 percent since the pandemic began. Hackers commonly impersonate health organizations such as the Centers for Disease Control and Prevention, among others, to lull everyday people into downloading a tainted file or clicking on a malicious link. Once the person has been duped, hackers can siphon off personal and financial data. And if that work-from-home device includes business network access, digital thieves can walk right through the front door.
The FBI and FCC have been vigilant about alerting consumers and newly-minted remote workers that phishing has emerged as a hacker’s scam of choice. Bulk emails routinely provide some type of emergency or incentive for people to open them or take an action that results in a breach. But during the pandemic escalation, a sophisticated class of digital con artists has improved their messaging and techniques. According to the FBI, these are three alternative methods to phishing employed by online criminals.
The FCC points out that cybercriminals have added contact tracing schemes, robocalls, and widely make false promises about vaccine breakthroughs to entice click-throughs. The flurry of hacking schemes leaves industry leaders in the dark about what work-from-home staff members are doing. With enterprise-level cybersecurity and deftly managed IT in place, it seems inconceivable that a valued employee could upend the entire organization with a single click.
In a recent article posted on LinkedIn called “Spike in COVID-related Phishing Attacks: COVID 19 Cybersecurity,” March Haskelson discusses the inherent failings of the healthcare industry to transform frontline workers into part of a hardened defense system. He points out that a healthcare workers survey uncovered frightening data that includes the following.
It’s safe to say that healthcare workers onsite and working from home are undertrained and ill-informed about how to identify and deter phishing, vishing, smishing, pharming, and any other emerging threat. This type of oversight extends to other sectors as well. Haskelson points out that such scams often have telltale signs that an educated workforce could easily identify.
Agencies such as the FCC publish guidelines regarding phishing-attack prevention. While suggestions such as “Never share your personal or financial information via email, text messages, or over the phone” are helpful, they do not go far enough.
Frontline workers are inundated with legitimate requests for information, impending deadlines, and commonly get overwhelmed. In the midst of someone’s daily organized chaos, recalling an agency post about email scams is not likely to remain at the forefront of someone’s mind. That’s why business leaders must take the initiative to enhance security thinking on an ongoing basis. These are cybersecurity and awareness methods thought leaders are leveraging to empowering workers.
While these and other indicators are useful, they tend to go by the waist side during a fast-paced workday. That’s why forward-thinking business leaders incorporate ongoing cybersecurity and awareness training into weekly schedules.
By working with a managed IT cybersecurity specialist, workers are educated about deterrence tips and alerted to emerging threats in real-time. Third-party cybersecurity firms may offer videoconferencing options, podcasts, and daily email alerts. The modest cost and time required to avoid having your network taken down by a hacker seem like a reasonable investment. In an age of rising cyber-attacks, proactive leadership remains the best defense.
My philosophy when starting OTT was I wanted to create a place that I would want to work at (fun and friendly.) Where there was no corporate politics and we could just do our job fixing things and helping people. We can help people with their technology and not be arrogant or condescending to people. We can actually make a difference in peoples lives and not just say it but do it.