With the world still in the grips of the COVID-19 pandemic, it’s become clear that the way we do business has changed forever. Gone are the days of sealing a deal with a handshake and so too, it seems, is the traditional working environment. In this article, we’ll dive into how the outbreak has caused a re-prioritization in business needs – specifically with cybersecurity training.
Companies are increasingly switching to work from the home models in an attempt to keep their employees safer. According to Statista, Microsoft reports an increase of 31 million users of their workplace communications app in the last month alone.
As you’ll see in the chart below, there’s been a significant uptake in users of the platform since the pandemic started.
Microsoft attributes this sharp rise in users to the increase in remote working thanks to COVID-19. That, in turn, raises another interesting point. Are businesses taking the right cybersecurity measures before sending their employees home to work?
According to cybersecurity education company, Cybint, cybercriminals are taking full advantage of the panic created by the pandemic. One example cited by the company was related to statistics from Johns Hopkins University being co-opted to spread malware.
Cybercriminals will copy official statistics from Johns Hopkins and create a fake document and email. The email may prompt users to register for official updates. Naturally, the user clicks through to a site loaded with malware.
This could be in the form of keylogging software, ransomware, viruses, or any other form of malicious software.
Cybint also warns that bad actors might use advertisements for medical equipment, etc, as another way to get the unsuspecting public to take a second look.
Employees Won’t Necessarily Recognize These Emails
What’s frightening for businesses, is that phishers are becoming increasingly sophisticated. According to the FBI, 2019 was a record year for the United States in terms of cybercrime. Losses reported to the agency increased by 0.8 billion between 2018 and 2019.
Of more concern is that the FBI reported that phishing was amongst the most commonly applied techniques. It also seems that phishers are becoming more sophisticated, making it harder to spot phishing emails.
Add in the panic caused by this pandemic, and you’ve got a perfect storm. Not many employees understand how to spot a phishing email. They look for simple indicators like spelling mistakes, or bad grammar.
The fact is that the best phishers don’t make these stupid mistakes. They spend time crafting their emails and making them look 100% legitimate. They’ll impersonate a well-known organization and perfect every detail from the logo and letterhead to an email address that’s almost identical to the real thing.
If an employee’s in a rush, will they notice that two of the letters in an email address are reversed? Do they understand the potential attack vectors that a phisher might employ?
An email from Johns Hopkins University out of the blue might raise some red flags. What happens if Human Resources sends out a request for timesheets or a memo about the new work schedule? How many employees would click through without a second thought?
What’s the Solution?
A good anti-spam program will filter out the worst of the phishing emails. That’s only going to get you so far, though. Professional cybersecurity training, such as that offered by Cybint offers defense against emails that might make it through the net.
Covid-19 has made it imperative for some businesses to allow employees to work from home. Sending your staff off without a second thought about cybersecurity is like sending a soldier to battle without a weapon.
No one cybersecurity measure is 100% effective all the time. Shore up your defenses by adding professional cybersecurity training into the mix. The better your employees understand the risks, and how to avoid them, the more secure your company is.