New phishing lures, that use coronavirus as the hook, are emerging every day. Businesses needing protection being are offered free business-wide resistance tests to identify potential weaknesses.
Cyber Risk Aware is offering free Covid-19 Phishing Tests to help businesses defend their network against increased cyber threats during this coronavirus pandemic period.
At a time when businesses and individuals are more vulnerable, many working remotely to mitigate the spread of this pandemic, organisations need to pull together for the greater good.
Keeping businesses operational and protecting work forces from escalating threats should be a global consideration and a united collaboration.
Increased Covid-19 phishing scams
A time of crisis is unfortunately a haven for others, with hackers capitalising on the fears and vulnerabilities of the coronavirus outbreak.
There is a huge spike in phishing email scams featuring Covid-19 lures, spoof government tax refunds and numerous fear mongering messages that, encourage click throughs that lead to the revelation of personal data, bringing whole IT system networks down at the touch of a button.
The recent Czech Hospital cyber-attack saw an entire hospital shut down as a result of a compromised network with devastating damage at this critical time.
A time of uncertainty has led a path to unprecedented behaviours. With the majority of the workforce now encouraged to work from home, the risk of businesses experiencing a cyber incident is significantly increased.
Therefore, it is imperative staff and businesses are prepared and protected from these very present cyber threats as best as possible.
Do’s and don’ts for working remotely
As well as implementing Cyber Risk Aware’s free phishing tests within your business, there are other best practices all businesses should put in place to ensure your remote workforce is helping you protect your business, your data and your reputation.
Do’s
- Be extra vigilant to Covid-19 phishing scams – run the free phishing campaign to assess risks, deliver awareness and train your staff.
- Use secure company provided systems – ensure cloud-based systems are patched and don’t use personal accounts.
- Be prepared and equip your staff. Provide encrypted up-to-date devices with patched applications, and VPN’s to access your company’s internal systems.
- Put protocols and processes in place should a cyber-attack take place to minimise impact. Cyber Risk Aware offers PhishHuk, a free outlook plugin, which staff can use in their email ribbon to report phishing emails to IT security.
- Have clear lines of communication. Avoid social media and Whatsapp when revealing sensitive data. Ensure your company is set up with secure best practice communication channels.
Don’ts
- Don’t take the easy route. Shadow IT – a term used for downloading unapproved software, is an increasing threat to cybersecurity. This can include Macro for excel or software to grab screenshots for example.
- Don’t connect to public Wi-Fi. Instead use a company provided VPN or mobile data if accessing sensitive data.
- Don’t allow the use of personal devices as they are often insecure and vulnerable to cyber-attacks.
- Password protections and encryptions are key. On devices, files and data.
- Don’t forget to backup data centrally. Be it the concern of a system crash or the risk posed by a ransomware attack, ensure all backups are made daily, to a central location and that restores are tested regularly by IT staff.
Now more than ever, security teams should run simulated phishing tests to raise awareness of what a real attack will look like and inform staff what to do in the event of receiving a suspicious email.
At a time when you need to conserve your cash, this can only help to ensure you are not victim to ransomware or hefty data breach fines.
To register and run your free Cyber Risk Aware test phishing campaign, using one of our new Covid-19 phishing lures click here.
