Phish out of water – the unique vulnerabilities of the remote enterprise
- Cyber threats in particular COVID-19-related phishing scams have become a thorn of enterprise IT security teams worldwide
- Remote working employees’ lack of cyberattack awareness is one of the core concerns
Cybercriminals are employing tried-and-tested tactics such as phishing scams in new and novel ways, forcing individuals and organizations alike to be on alert, especially as many of the tactics are utilizing the ongoing pandemic as a backdrop.
Phishing ploys, in particular, have proven numerous, as the sheer volume of affected people worldwide – combined with the need of many to stay informed during such troubled times – has been bringing out the worst in hackers and online opportunists.
Catching remote employees off-guard
A good number of businesses have risen to the challenge of shifting their operations and talent pools to remote working solutions.
Without the pressure of COVID-19, this transition would undoubtedly have taken a much longer time, but there are opportunistic scammers who are taking advantage of the confusion and lack of adequate security measures in place.
Employees working from their homes are extra vulnerable because, well, they are at home, and therefore it stands to reason that their guard might be down compared to when they are outdoors.
“In normal circumstances when you’re working from home you may have a dedicated office space, the children may be at school and your partner may be working elsewhere,” said Brian Honan, CEO of cybersecurity firm BH Consulting.
“During a pandemic, people are a lot more distracted, stressed out, worried and anxious for information, so it’s not really working from home: it’s working through a pandemic. Criminals will be leveraging off that.”
Most office communication is now taking place digitally as well, exacerbating the chances for email phishing attempts. Since phishing scams require people to click on bait links to access or infect their systems, sending out large quantities of emails pretending to be an inter-office communique is a ‘good’ way to gain additional clicks on sham links.
Lack of remote cybersecurity readiness
As mentioned before, the mass migration to remote working practices has been taxing IT security teams of most organizations, and in many cases, has caught them completely unawares. Many companies simply did not have the IT resources in place for such a major transition.
Overnight, many staff had to begin working using personal devices, IT teams were not able to physically secure these devices as many countries are actively posing movement limitations. Cybersecurity specialist Ed Tucker, co-founder of Human Firewall, said the best means to combat this lack of preparation is to stay constantly in communication with the IT pros, and to prioritize vigilance among all employees who are working remotely.
Counter-security measures need to be “small, incremental-improvement focused,” according to Tucker.
“Raise awareness through as many means and mediums as possible. However, cognizance of the current upheaval most organizations are in the midst of [sic] must also be in mind. It is very easy to overload people but getting short sharp messages out regularly to staff about the potential threat from such phishing emails will help.”