A world of remote workers - Every cyber criminal's dream
In recent years, there has been a rise in organisations opting for a more flexible approach to working from home. Ensuring a strong cyber security posture is maintained with employees working remotely has always been a challenge. With the recent outbreak of Covid-19 (Coronavirus) forcing many Irish organisations to adopt this policy at short notice, this challenge is now widely felt.
It is well documented that cyber criminals aren’t taking it easy on organisations given the current situation; in fact, quite the opposite. As companies rush to move their operations and staff online, cyber criminals are ramping up their tactics to take advantage of those who, as a result, may have an inadequate or compromised cyber security posture.
We are seeing a marked increase in phishing emails, especially ones themed around Covid-19. We have seen hackers using the current confusion and panic to their advantage; phishing emails offering advice on Coronavirus and how to combat it are widespread at the moment. One of our clients received emails which were sent company-wide pretending to be from the CEO, in which they were telling all employees to work from home and to find further details via clicking a particularly safe-looking URL.
Phishing - How does it work?
Phishing is one of the most commonly known and used forms of cyber attack, where hackers send targeted malicious emails pretending to be from trusted sources.
Phishing emails can have many purposes; the most common goal is to extract sensitive information, such as login information, from the recipient. However, some phishing emails also include links or attachments that, if clicked, can infect the recipient's system with malware, which attackers can then use to gain access to the user's computer from their own remote location.
What can you do to reduce the risk?
The most effective way to reduce the risk phishing attacks pose to your organisation is through staff awareness. The success of a phishing campaign hinges on human interaction, so making your staff aware of what phishing emails look like, how to spot them and what to look out for can greatly reduce the threat to your organisation.
Also key to combating the threat of phishing is having a plan in place to ensure all staff know what to do if they believe they have received a phishing email. The common misconception is to ignore them. However, the best course of action is to alert the IT teams within your organisation to suspect emails.
Once the relevant IT teams have been made aware, they can begin to investigate how the email got past filters, what they can change to reduce the chance of receiving similar emails, and, in the event of an incident, start any incident response strategy. Escalating potential phishing emails and making colleagues aware of their existence will put them on alert, increasing their vigilance, which in turn will help maintain a robust cyber security posture through team effort.
Secure what you can!
With a significant reduction in on-site presence, organisations need to ensure devices are secured and protected against theft and tampering. As an example, desktop workstations which are currently sitting idle need to be encrypted and shut down. Whenever possible, lock devices away securely as opposed to leaving them out unattended on desks.
Companies also need to maintain secure networks and infrastructures as much as possible. With many employees currently working outside the standard office perimeter, managing devices and securing all endpoints becomes a much bigger challenge. Many security teams will feel like they are losing control over their environments, and getting to grips with this and knowing where to start can be tricky. As a first step to securing your perimeter, we recommend carrying out a Vulnerability Assessment. This will allow IT teams to focus on a prioritised list of risks currently threatening the organisation.
When it comes to Vulnerability Assessments, Secora Consulting goes the extra mile. We believe that instead of just carrying out automated assessments, organisations should have findings manually verified by an experienced tester. Manually verifying all findings will provide you with peace of mind that there are no false positives, while ensuring any remediation work planned by your IT team will directly improve the organisation’s overall security posture.
Secora Consulting is here to help!
If you have any questions or are unsure whether the steps you are taking will help keep your organisation secure during this period, please reach out to us.
Secora Consulting was set up to assist organisations with their cyber security requirements. We understand the challenges many companies are currently facing are unprecedented. Our goal is to improve your cyber security operations, providing peace of mind in this ever-evolving threat landscape.
Our experienced consultants can tailor all of our services, from phishing campaigns to a full in-depth penetration test, to meet your organisation's needs and simulate the threats and attack vectors your company is likely to be exposed to. This will provide you with comprehensive reports and actions you can take to immediately reduce your exposure risk.
All of Secora Consulting's assessments are tailored to our clients' needs.
Using our experience, we can help you determine which services are right for you.
We have arranged our services into four groups based on the objective of the tests.