Many organizations lacked the time needed to sufficiently prepare their systems and workers for the massive shift toward a remote workforce in response to the COVID-19 pandemic. As such, significant cybersecurity vulnerabilities have arisen, increasing overall phishing attacks by 700% since the end of February. Furthermore, the Federal Trade Commission has received 18,235 reports related to COVID-19 since April 15, and people reported losing $13.44 million dollars to fraud via, texts, phone and emails. Taking these basic, proactive security measures can help safeguard your business, employees and customers for the long run.
What information do employees need to help identify spear phishing attacks?
- Look for red flags, such as:
- Sender discrepancies. Specifically, see if the sender’s email is from a legitimate domain that matches their email address. For example, the sender is from “ABCdomain.com,” but their email is “ABCCCdomain.net.” You can do this by hovering over the email or looking at headers to see where they are sending from.
- Be extra cautious when clicking on any links. Attackers will often disguise commonly used links (such as Amazon, banks, and company portal logins). Assume that not every link is legitimate and do not click on the link, rather go to the site in a separate web browser to check any information.
- Do not click any suspected attachments (PDF, Word, or Zip files). If a contact seems to be requesting that you click on any of these in an instance that appears to be out of the ordinary, call them to confirm their email account has not been compromised.
- Pay attention to grammar and structure. Since a lot of attackers reside overseas and English is not their first language, poor grammar and spelling can be a clear indicator.
- Be wary of requests for personal information, such as your mailing address, passwords, or account numbers. This valuable information should not be sent over email. Threat actors can leverage even small pieces of information, such as a zip code, to use against you and in some cases reset accounts.
What cybersecurity tools should your company deploy to protect the business, employees, and customers from ransomware?
- Establish a channel for employees to easily report spear phishing attempts, such as creating distribution lists on promoting these attempts to IT. It is also important to develop an easy way for you to respond.
- Ensure all systems, especially internet-facing and cloud-based, are vulnerability free.
- Confirm that endpoint detection and prevention tools are being utilized for visibility if a user accidentally or unintentionally clicks a malicious link.
- Deploy two-factor authentication on VPN, applications and email.
How CyZen can help.
In a time when Google blocks nearly 18 million COVID-19-related scam emails each day, consulting with a cybersecurity expert can help you implement the aforementioned steps among other simple strategies to fortify your business. Our experts are adept at providing the following:
- Alerting clients on red flags of phishing as well as providing common examples that are seen in these times.
- Providing spear phishing simulations to test users and their aptitude.
- Deploying the latest and greatest technology to remotely monitor users' systems to detect and prevent malware like ransomware. The goal for many organized cyber criminals is to deploy ransomware as a means of monetizing their efforts for a payday and leaving their victims desperate to get their systems back up. Notably, security researchers at Carbon Black noted a 148% increase in ransomware cases through the pandemic.
For most, cybersecurity is not considered an issue until, well, it is an issue. Unfortunately, by this time it’s too late—costing a company devastating financial and reputational damage. Now is the time to dam any gaps in your systems and networks to protect your newly remote workforce. Please contact a member of the CyZen team with any questions you may have regarding your current situation.
Message Us 212.842.7005
Sign up for Our Blog!
* All fields are required