A pandemic brings out the worst in some people. As businesses must move staff to a virtual workplace environment, bad actors are trying to withdraw digital assets, money, and identity from people and companies. Read part 2 of this article here.
Knowledge is the only defense against these cagey exploits meant to breakdown people’s security barriers.
A remote workforce forces people to use home equipment and Internet access to perform their jobs. This two-part series reviews two domains of high-risk cybersecurity threats. The first is people understanding the benefits and practice of good security habits. The only way to accomplish this is to educate the remote workforce. Education sessions on what are social engineering scams and what are the prevalent email phishing and text message SMiShing exploit scouring into view. Give insight into how fake social media accounts that impersonate colleagues or friends, robocalls, and Facebook Messenger are a potential pathway to a hacked account. All this gives people knowledge on how to protect themselves and their companies.
The second is the basic nuts & bolts of technology. A firm needs to assess its security with technology when people work remotely. Employing certain cybersecurity practices lowers the risk for the employee and the company in becoming a victim of a security breach. Lately, the home router is a favorite target of bad actors because of weak administrator passwords, and someone enabled remote administration on the devices. Not only is this scenario dangerous for the virtual workplace, but there are a lot of potential wide-open doors for bad actors to walk through and become a risk to the firm.
Part one of this article addresses the power of knowledgeable people.
The more knowledge people have, the more prepared they are to act when confronted with the challenges faced by them. Working from home requires a need for consistent communication. Less communication creates a vacuum, and people become vulnerable to poor decision-making because of the informal atmosphere. Social Engineering scams are precisely how bad actors take advantage of the work at home environment to prey on people.
What is social engineering in the context of security? The Oxford dictionary describes social engineering as “the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.”
As you continue to read, keep this motto in mind:
“Think it B4 U Click it!”
With the rising escalation of the pandemic, robocalls are occurring more often. Even with spam detection apps from the carrier, the increasing number of calls is above average. The home phone included.
The solution is don’t pick up the phone. Let any calls that come from UNKNOWN NUMBER or NAME go to voice mail. If the call is a valid person, they will leave a voice message. Additionally, picking up the phone from a robocall tends to spread the phone number to other robocallers.
The other step to take in protecting against robocalls is to upload and keep a current contact list on the mobile phone. When someone from the contact list calls, it will display their name and is safe to answer.
Phishing & SMiShing
Email and text messaging are a favorite source for scams. Phishing is using email as bait to capture a victim. SMiShing is using text messaging or Smart Messaging Service to throw out the bait for the next victim. When it comes to email, do not click on any links, attachments, or pictures unless the sender has communicated to expect them. The same goes for links or images in text messages. Just don’t click it.
The consequence of clicking before thinking is now a bad actor has login credentials from some bogus site, which is likely delivering malicious software onto the computer or mobile device.
Just in the last two years, I’ve seen multiple times where staff and agents have given unlimited access to their email to a bad actor. Unfortunately, the email usually contains personal information about other people. This was within the walls of a company, imagine the challenges in a virtual workplace.
Every social media channel and email platform allows anyone to create an account. Validation of a person’s identity by any of these programs is worthless and/or is non-existent.
Two days ago, I received a ‘Friend’ request from a colleague of mine. This request was weird, as I knew we had connected on this particular social media platform a long time ago. I quickly sent a text message to my colleague and inquired if they had set up a new account. As I suspected, my colleague did not create the account.
The red flag for me on this fictitious account was that the profile contained the same birthday as my colleague. Same name, born on the same day? I don’t think so. Additionally, several of my colleague’s friends made a connection to the fake account. Time to warn those friends as well.
Even if an email, friend request, or Facebook Messenger looks like it is coming from someone you know, stop and think about it before clicking it.
A big warning about Facebook Messenger: please do not don’t click on images, files, or links from anyone sending a message through FB Messenger. A FB friend’s hacked account is now sending out pictures, links, and attachments with a very well-crafted coronavirus message.
The consequence for clicking before thinking runs the gamut of losing the social media account – which now makes friends to the account an easy target – to malicious software installed on the device.
Communication During a Pandemic
This article has mentioned how important communication is in reducing the risk of security breaches and compromised systems. It is even more critical as this coronavirus pandemic is sweeping the globe. Without interaction, a remote workforce can feel like being stranded on a desolate island. The more a firm communicates, the more people stay engaged and informed, which leads to making them feel like they belong to a team.
This article only has a sampling of the security risks a firm faces every day. WAV Group has a mountain of stories to shares we can share about security. Another area WAV Group excels in is helping firms to communicate. WAV Group provides a one-hour private virtual session with your team. The purpose is to educate them on how to keep them and the company secure. It is a non-technical presentation designed to inform staff and agents. The session includes:
- Bring Awareness to Social Engineering
- Understanding the Risks Associated with Email and Text Messaging
- How to Protect Yourself from Being Phish Bait
- Security Best Practices
Read part 2 of this article here.