The last two years have seen a significant shift in how we function, notably in employment. COVID-19 changed the way businesses operate and, with that, how best to help employees protect themselves online, not only at work but personally. A recent Harvard Business Review report, sponsored by DXC, stated that 52.4% of participants were concerned about their inability to detect and prevent data theft.

Phishing-related attacks have been identified as a successful way for cyber criminals to target individuals and organisations, and they are becoming increasingly common. Emails sent to individuals commonly use fear or urgency and are designed to provoke a quick response. Cyber criminals use topics such as COVID-19, or replicate emails so that they look as if they were sent by well-known companies; for example, telecommunication providers and delivery service companies are commonly impersonated to trick people into clicking on links or downloading files. Most of the phishing attacks individuals receive at work or in their personal inbox are sent at random and rely on a small percentage of people clicking on the links.

Types of phishing attacks include:

Vishing
Where cyber criminals use voice calls (either recorded or from a “call centre”) with a sense of urgency or trouble. Often payment is demanded in the form of gift cards.
Smishing
Where you receive an SMS with a sense of urgency (e.g. “Thank you for your recent purchase of $500. If this wasn’t you click here or call this number”).
Spear phishing/whaling
A form of phishing email that is targeted at a specific individual. Cyber criminals generally take a lot of time to get to know the person through their social media posts and online habits, then tailor a specific message for that individual.

Most organisations invest a lot of time in cyber security awareness training, particularly to protect the business from phishing attacks and to ensure the right support mechanisms and security hygiene are in place.

However, it is important that employees understand that training alone does not fully protect an individual, either at work or at home. Consistent deployment of cyber security training exercises, such as regular phishing tests and ongoing cyber security awareness initiatives, is effective and helps foster a security-first culture that encourages employees to act on suspicious activity.

By encouraging employees to come forward and report suspicious emails, or to report that they have clicked on a link, downloaded a file, or supplied information, organisations are able to respond to incidents more quickly and remediate accordingly.

When initiatives support individuals to take action at work, those individuals are more likely to implement these practices in their everyday lives. Promoting discussions with friends and family members will increase awareness of common attack attempts and help keep the community safe against phishing.

With the increased move to remote work, it can be difficult to separate work from home, particularly when it comes to technology. It is important to continue to educate employees about the fast-changing landscape, so that they stay vigilant about suspicious emails and text messages and report them where possible.

Do Your Part. Be Cyber Smart. 
