About 1 in 4 organisations (25 percent) are now entirely remote during the Covid-19 outbreak, while many other companies are still struggling to join the bandwagon. Working from home has been heavily promoted recently as part of the effort to help the government flatten the curve of coronavirus infections.
As the world sees its biggest experiment in the virtual workplace, both employers and employees are urged to diligently check their cyber hygiene, advise Priyanka Naidoo and Rosalind Lake of Norton Rose Fulbright.
Since late January 2020, the volume of data breaches resulting from phishing attacks has been expanding. These phishing attacks usually affect businesses whose employees are new to working remotely. Employees who are not accustomed to working remotely might connect to a malicious WiFi network, and they are not used to following the general security protocols established by the company. These individuals are therefore easy prey for hackers.
According to a CNBC report, the number of phishing scams and spam has spiked recently. More than one-third (36 percent) of respondents reported that cyber threats have increased as employees work remotely. One organisation has seen phishing and other cyberattacks spike by 40 percent.
One example is phishing emails that impersonated the CDC, in particular emails containing the domains cdc-gov [dot] org and cdcgov [dot] org. In one instance, the URL contained within a phishing email led to a fake Microsoft Outlook login page, designed to convince victims to input their credentials. In another instance, victims were asked to donate Bitcoin to the CDC to aid in the pursuit of a vaccine.
In response to such malicious attacks, HR and IT teams should work side by side to prevent unwanted behaviour from cyber attackers, especially in companies whose employees rarely or never work from home.
The human resources team should build continuous awareness among employees through formal notifications. Showing the negative effects of clicking on or registering with a malicious network would help increase employees' awareness. Alongside this, the IT team should add multi-factor authentication as an additional layer, advised Gary Owen, Wells Fargo's Security Officer.
HR teams should keep employees informed that communications purporting to come from the CDC, WHO, or other formal organisations and/or trademarks might be malicious. As mentioned earlier, attackers might create look-alike web addresses and trademarks, and many victims could fall for them.
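The look-alike sender domains described above (cdc-gov [dot] org and cdcgov [dot] org imitating cdc.gov) can be flagged automatically when employees report suspicious mail. The following Python is an added example, not part of the original article; the trusted-domain list, the function names and the sample headers (apart from the two domains the article names) are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumed allow-list of organisations whose mail employees expect to receive.
TRUSTED = ("cdc.gov", "who.int")

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED):
    """Return (verdict, imitated_domain) for a From header value."""
    # Reported addresses are often defanged ("[dot]"); undo that before parsing.
    refanged = from_header.replace(" [dot] ", ".").replace("[.]", ".")
    domain = parseaddr(refanged)[1].rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return ("unparsable", None)
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return ("trusted", t)
    squashed = domain.replace(".", "").replace("-", "")
    for t in trusted:
        brand = t.replace(".", "")  # "cdc.gov" -> "cdcgov"
        # Rule 1: trusted name rebuilt without its dot, with a hyphen,
        # or used as a subdomain prefix of an unrelated domain.
        if brand in squashed:
            return ("lookalike", t)
        # Rule 2: a label one typo away from the trusted name (TLD skipped).
        for label in domain.split(".")[:-1]:
            if edit_distance(label.replace("-", ""), brand) <= 1:
                return ("lookalike", t)
    return ("unknown", None)

# Constructed From headers; the two defanged domains are those named in the article.
SAMPLES = [
    "CDC Alerts <alerts@cdc-gov [dot] org>",
    "donations@cdcgov [dot] org",
    "CDC <info@cdc.gov>",
    "newsletter@example.org",
]

def triage(headers=SAMPLES):
    """Classify each reported header; returns (header, verdict, imitated)."""
    return [(h, *classify_sender(h)) for h in headers]
```

A "lookalike" verdict is a triage signal for the IT team to review and block, not proof of malice; short trusted names can produce false positives under Rule 1.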
A Recorded Future study found that legitimate organisations send emails that are informative in themselves, without requiring individuals to open any links or attachments. By contrast, malicious emails posing as legitimate ones press their victims with urgency to click attachments or links that are said to contain additional information, rather than being informational themselves.
Therefore, asking employees to report such malicious websites and instructions would likely help IT teams secure and block suspicious IP addresses. This way, employees will not receive the same phishing emails. Please note that formal organisations would not take cryptocurrency payments, or ask their users to transfer money or information. If employees come across such a request, remind them to be cautious about it. In addition, it is also advisable for HR to provide a list of formal and useful websites for employee usage, containing information about Covid-19 prevention.