Two events will shape everyone’s memory of 2020: COVID-19 and humankind’s increased dependence on the Internet across the world for business and personal use. According to The Internet and Television Association’s COVID-19 dashboard, since early March, downstream Internet usage (includes receiving emails and downloading files) has grown by 21.6% and upstream Internet usage (includes sending emails and uploading files) has seen a whopping growth of 40.9%. This unprecedented spike in Internet usage has resulted from the surge in work from home guidelines that have impacted every industry and business. The result? Your organization is now more susceptible to cyber-attacks than ever before primarily due to an increase in remote workers, reliance on secured Internet connections, and e-mails as the primary source of correspondence.
In the news recently, Microsoft reported an increase in nation-state actors who use spear-phishing attacks for credential theft by impersonating World Health Organization representatives. With artificial intelligence and advanced bots, sophisticated phishing emails prey on the unforgiving element of human error within your organization, by eliciting fear or urgency. Often times, hackers use familiar companies to make you feel comfortable or leverage believable stories to trick you. Such as, recent account activity or recent transactions that you may have made. Be aware that phishing emails will frequently have language that contains misspelling or which seems out of place, as well as use generic language such as “to our valued customers” or “dear sir/ma’am.
Below are further guidelines to help protect you and your organization from phishing attacks:
- Be cautious when clicking on links or opening attachments in emails, and don’t click on any links from senders you are unfamiliar with.
- Do not provide personal or company information when contacted via email, make sure to verify the email address or contact the sender directly to confirm the legitimacy of the request.
- Most importantly, trust your instincts if something seems suspicious delete the request and try contacting the sender.
While employees are your organization’s greatest asset, they can frequently be the weakest link in keeping your organization secure. Bad actors are specifically using breaking news stories about COVID-19 and vaccines to lure your employees into clicking on malicious links or visiting illegitimate websites as it is a topic everyone currently has on their mind. Keeping your employees trained and actively running phishing simulations for them to practice what they’ve learned through the training will help you combat your heightened risk of a successful phishing attack from occurring.
Continuous employee education and benchmarking through simulated phishing schemes is one of the most effective ways of addressing this risk. An on-going security awareness training with built-in phishing simulation attacks enforces the security threats learned by providing real-time threat attacks that you can analyze to better identify the risk threshold of your organization. Have questions related to steps you can take to enhance your organization’s security awareness? Contact us today.