How To Educate Your Employees So They Won’t Be Fooled By Coronavirus Hacks
With coronavirus, or COVID-19, all over the news, it was only a matter of time before malicious actors exploited the pandemic for their own gain.
Numerous organizations have reported coronavirus-related phishing scams. Various parties have been blamed for spreading everything from disinformation to Emotet malware. Malicious email campaigns purporting to be from experts such as the World Health Organization have been sent on a huge scale, cynically tricking users into clicking links, downloading files or sharing credentials – all of which can have disastrous consequences.
Employees, who are already receiving legitimate coronavirus-related emails from their HR departments, are at higher risk than ever. Working remotely from home compounds the problem even more.
Employees Are Human
Employees are not machines that can be programmed to react consistently. Since they are now more stressed than usual thanks to doomsday headlines, they are more vulnerable to phishing and malware scams that target their pain points and take advantage of their fears.
For example, an email doing the rounds scares users with fake AIDS results, not to mention coronavirus-themed shocks. This climate of uncertainty is exactly what the attackers want to exploit: humans make less-informed – that is to say, worse – decisions when under stress. That’s how otherwise smart, well-educated employees can suddenly find themselves clicking on a coronavirus phishing email – and compromising your network in the process.
Working From Home – Increased Risk
Another factor increasing the impact of coronavirus hacks is the disruption to routine. Flights have been canceled en masse. Thousands have been told not to come into the office, but rather to work from home – including all Google employees in North America.
Not only does this disruption to routine affect decision-making, but it also means that users don’t have access to the security measures they have come to rely on at their offices. For example:
- Not all companies have Virtual Private Networks (VPNs), and even if they use a VPN, it’s not 100% effective
- Employees might be using their home computer, with no endpoint security and no dedicated email security
- Employees might have standard security measures in place – such as O365 E3 or Dropbox Enterprise Security – without realizing that this does not protect them from all threats
- The use of communication platforms such as instant messengers and shared drives is likely to dramatically increase
- Other conferencing and productivity apps’ usage will spike, such as screen sharing tools, video conferencing platforms and other corporate collaboration tools
  - So much so that Microsoft has offered its premium Teams platform for free over the next six months, while Google is making the premium version of its Hangouts Meet workplace video chat tool free until July
The increased reliance on these productivity tools coupled with the lack of security offered by a traditional office setting poses a massive security risk to organizations.
How To Protect Employees
Keeping your employees protected – and by extension your entire network – is no easy task. The best possible protection will leverage a combination of technology, including the latest cyber defense tools, together with awareness and education around coronavirus scams.
Education and Awareness
Educating employees can go a long way towards increasing your organizational security. Now more than ever, it’s critical that you as an employer emphasize the importance of these instructions. While only part of an effective overall solution, the following should be addressed when educating employees:
- Educate your employees about the coronavirus-related scams that are out there, so they'll be aware and therefore more cautious around any type of coronavirus-related communication
  - If possible, show them real-world examples
- Educate specifically around how to prevent ransomware attacks
  - Try these templates to help spread your important message without creating confusion (note the Ransomware attack and Phishing templates specifically)
- Ask them to read coronavirus-related instructions from official websites only
- Of course, remind employees not to open or download files from an email address they don’t know
- Make employees aware of what constitutes a suspicious request, such as any request for account credentials or strange downloads
- Remind employees of the alert procedures so that they know how to alert their administrator to any suspicious emails or unusual activity
Technology and Cyber Security
Education is important, but without an effective cyber security practice behind you, your organization is highly vulnerable to coronavirus – and other – cyber attacks. When choosing a solution, you should ensure that:
- Protection is effective independent of employee location and office facilities, and that all collaboration channels are covered
  - Remember these channels are going to be used significantly more due to the decentralization of the workplace thanks to coronavirus, and therefore extra care is required here
- Since 92% of malware is delivered via email, protecting users’ email is critical. Use an attack-agnostic email security solution, ensuring it detects malware pre-delivery
  - Do this for all collaboration channels that are used when working remotely, as an attack is highly likely to come via Google Drive, for example
  - Even if you are working from home, you can check your current corporate email security posture with BitDam Lucky Meter
- All the tools employees communicate with are protected, including:
  - Email (covering attachments and URLs)
  - Cloud drives (Google Drive, Microsoft OneDrive, Dropbox etc.)
  - Enterprise messaging applications (Teams, Skype, Slack etc.)
  - Additional digital communication tools
Many tools protect certain aspects of employees’ day-to-day computer usage, each with varying degrees of success. This makes implementing a comprehensive security solution covering all malware detection and prevention scenarios an essential priority for organizations of any size.
Your Comprehensive Cyber Security Partner
To ensure your organization is secure, you have to continuously test its security posture. This can be done, even from home, using BitDam Lucky Meter, which continuously tests your email security against the latest malware samples from the wild.
Deploy it for free and get a sense of your security posture – especially in these crazy times of coronavirus hysteria.