As our jobs change due to the pandemic, cybercriminals' practices are also changing to take advantage of new opportunities. What are those opportunities? How will their new game plan impact you and your company's security?
In this article, we will look at how cybercriminals have changed their tactics and what you should be looking for to avoid their traps.
Security risks exposed by ‘work from anywhere’
Early March 2020 in the United States found most people commuting to their office and working on company-issued workstations. Once the pandemic came into full swing, the work environment changed drastically, with nearly everyone utilizing remote software to work from home.
Utilizing remote software increases a company's threat surface by adding more hardware to the equation. The hardware being used to access company assets is typically not company-owned and therefore not controlled by the company. This presents new opportunities for cybercriminals.
Personal computer security risks:
Security Stack: When working in an office there are multiple layers of security keeping you and your data safe. Many home users get a computer > turn it on > assume once updated everything is secure.... it isn’t.
Number of users: I have 3 boys who will click on anything and everything if it looks shiny. I also have a wife who hates remembering passwords (I won’t tell you how she handles that problem...... :)
These numbers are telling of where cybercriminals are shifting their focus. Now that personal computers are being used to access corporate networks, cybercriminals are focusing their efforts on this less secure entry point.
OK.... but what do these attacks look like?
91% of cyberattacks start with a phishing email. What does a phishing email look like? Below are a couple of examples:
If there is a link in an email and you don’t personally know the sender OR it is worded in a way the sender wouldn’t normally communicate, don’t click the link or download an attachment. If something looks off, it probably is.
Taking action on this email would have given you the coronavirus (a mask wouldn’t have helped this one).
The request to click a link to get more info seems legitimate mostly because it is well worded and has an official look. Don’t be lulled into thinking it’s safe.
An email pertaining to business will typically be from a domain related to the company. If it’s from @gmail.com, @live.com, @hotmail.com, or @yahoo.com (like above), it should not be trusted without further investigation.
You’ll notice that there is no action to take on this email other than replying. So what could happen if you reply....
A typical email reply from a company email account will have your company signature. From that they can get a lot of information about your company (location, name, department).
With a known active email signature, cybercriminals can easily recreate that signature and start phishing your customers and vendors.
It will flag your email as active. Known active emails can be sold.
My personal email practice, if the email appears legitimate, is to go directly to the website where the email wants me to take action (verify password, check account status, review my extended warranty....). Doing this alleviates the need to click on links or download a form (aka virus) from an email.
At this point, you could start adding cybersecurity terminology to your resume, but I still wouldn’t challenge the IT Cave dwellers just yet.
In part 3 of our cybersecurity series we will look at cybercriminals' ultimate target and how breaches affect those companies.
I know you are all waiting on the 4th and final entry in this series where we will look at what you can do to protect yourself from cyberattacks. With the first 3 articles under your belt you will have an understanding of how cyberattacks are initiated and how likely you are to be targeted, making that final article impactful and easier to understand.
Stay tuned for the last 2 cybersecurity articles coming soon....
Matthew worked with Agave IT Services as a Brand & Content Consultant through 2020. He managed our company transition from Agave Solutions Inc. to Agave IT Services (dba).
From our logo to our online presence and business operations platform, Matthew created a solid foundation able to support our growth into the future.
You can find
Agave IT Services
We are an IT Services and technology company serving the southwestern United States since 2003. We specialize in supporting, managing, and deploying technologies for the AEC industries' unique requirements. We differ from the typical IT service provider in that we handle ALL your technology needs, freeing you to focus on your core business.