When the Coronavirus crisis loomed large, organizations were quick to adopt telecommuting or ‘work from home’. Unfortunately, the large-scale exodus to remote operations meant most businesses had little time to institute systems and processes for accessing, storing, and sharing data. Corporate networks, too, are in the process of being configured for the ‘new normal’ of work from home. That is, if you don’t have professional IT consulting service providers looking after your network.
Perhaps the greatest cyber threat in the aftermath of this has come from socially engineered cyber attacks. Specifically, there has been a multi-fold increase in phishing scams trying to take advantage of disrupted communications. How can you keep your company and your employees from falling prey to such scams?
What are phishing scams?
Phishing scams are motivated by financial gain, access to information, and the chance to exploit network weaknesses. Phishing is a type of socially engineered cyberattack, which means attackers will try to manipulate relationships and social norms. Fake emails, threats of ‘legal action’, tech support scams, social media manipulation and communication mimicking vendors are all ways of carrying out a phishing scam.
Once attackers have the user’s attention, financial demands may follow, malware and keyloggers may be installed, or the user may be asked to share confidential information.
Popular socially engineered attacks, especially during Covid-19
- Fake CEO emails
- Recruitment emails
- Emails pretending to be from insurers
- Emails and calls pretending to be from the CRA and Service Canada
- Embedded malicious links in emails
- Spoofed ‘From’ addresses that pretend to be from reputable companies
- Calls and communication from people pretending to be from a known company
How to Protect Data from Being Compromised by Phishing Scams
Training – Phishing scams are made possible by weaknesses in workflow and a lack of vigilance by employees. Corporate security training is tremendously helpful in preparing employees for the different ways an attacker might try to gather information from them.
Regular drills – Conduct mock phishing exercises to test your organization’s readiness. Our IT professional services team can run drills for the phishing attacks that can impact your company most.
Multiple verifications – Institute a system of verification if and when confidential or financial information has to be shared with a third party. This is one of the most effective ways of stopping phishing scams.
CI audits – Regularly audit sensitive information to ensure its integrity and safety. A professional IT consulting service can establish a protocol for accessing and sharing data too.
HTML email – Convert HTML emails into text-only emails. This can protect you from misleading graphics and links. A bare text email is easier to identify as genuine or fake.
Spam filtering – Professionally managed email systems employ powerful spam filters that are updated very regularly. These are far more effective at detecting spam than the ordinary spam filter that comes with internet email.
Online backup storage solutions – A good solution will make your online backups easy to access; a great one will keep them safe too. Encryption and VPN access are among the technologies that can be used to protect data.
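To illustrate the ‘HTML email’ tip above, here is an added example (not code from this article or from NUMENTIS) that turns an HTML email body into plain text, writes each link's real target next to its label, and lists links whose label names a different host than the target. The names LinkRevealer, host_of, to_text and mismatched_links, and the sample message, are assumptions made for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkRevealer(HTMLParser):
    """Collects plain text and writes every link as 'label <real target>'."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []   # text fragments in document order
        self.links = []   # (visible label, href) pairs
        self._href, self._label = None, []   # state of the <a> currently open
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
        elif tag in ("br", "p", "div"):
            self.parts.append("\n")
    def handle_data(self, data):
        (self._label if self._href is not None else self.parts).append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            label = "".join(self._label).strip()
            self.links.append((label, self._href))
            self.parts.append(f"{label} <{self._href}>")
            self._href = None

def host_of(value):
    """Hostname of a URL or bare domain, lowercased; '' if there is none."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value   # let urlparse treat a bare domain as a netloc
    return (urlparse(value).hostname or "").lower()

def to_text(html):
    """Return (plain text with link targets shown, list of links)."""
    parser = LinkRevealer()
    parser.feed(html)
    parser.close()
    text = re.sub(r"[ \t]+", " ", "".join(parser.parts))
    return re.sub(r"\s*\n\s*", "\n", text).strip(), parser.links

def mismatched_links(links):
    """Links whose label reads like a domain but names a different host than the href."""
    def shown(label):
        return host_of(label) if re.fullmatch(r"\S+\.\S+", label) else ""
    return [(l, h) for l, h in links if shown(l) and shown(l) != host_of(h)]

# Constructed sample body; example.com and example.net are reserved documentation domains.
SAMPLE = ('<p>Your invoice is ready: <a href="http://billing.example.net/pay">'
          'www.example.com/invoice</a></p>'
          '<p>Questions? <a href="https://example.com/help">Contact us</a></p>')
```

Calling to_text(SAMPLE) gives the text-only view with targets in angle brackets, and passing the returned links to mismatched_links picks out the invoice link, whose label shows one host while the target is another.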
IT Consulting Services
Speak to our IT professional services team to find out how we help clients in Mississauga prepare against phishing attacks. NUMENTIS offers extensive networking, online backup storage solutions and training to make your organization into a virtual fortress.