Since the COVID-19 pandemic heavily shifted work patterns for millions of people around the world, one of the biggest changes, particularly among white collar workers, has been a move towards working from home wherever possible. As a result, millions of employees are accessing sensitive corporate networks from outside secure office settings. Naturally enough, this creates a wonderful landscape of opportunities for cyber attacks–especially through email phishing.
How Phishing Threats Evolved Since 2020
Phishing is defined as an attempt to dishonestly obtain sensitive information–such as banking details and login credentials. It is typically from someone impersonating a trusted entity through digital communications. Just like any aspect of IT and digital media, phishing attempts evolve as well. Between 2020 and 2021, they’ve done so in two crucial ways:
First of all, a phishing attack is most commonly done through the more formal landscape of email communications. But attackers have effectively adapted their tactics to include other platforms like social media, messaging apps and even phone calls. As long as the underlying aim of tricking someone into handing sensitive information over to a source pretending to be legitimate is achieved, all of these digital mediums are fair game.
Secondly, the use of all these mediums–especially email–has evolved dramatically to revolve around the COVID-19 pandemic. The general atmosphere of frequent legal or political uncertainties, shifting corporate remote policies and turbulent news cycles about pandemic regulations have all caused a flood of genuine official communications related to the situation. Each of these has been an opportunity for cyber criminals to imitate authentic looking messages for their own data fraud attempts. Examples abound, including spoofed tax emails about COVID deductions, vaccine sign-ups from emails pretending to be health authorities or even messages imitating logistics companies about new payment fees or policies.
At-home employees are already stressed by their existing changes in work and life routine. Therefore, they can be especially vulnerable to these kinds of phishing attempts since they lack access to a nearby colleague who can help them discern real from false.
Best Practices for Cutting Phishing Lines
Despite the above, phishing threats can be neutralized. Companies themselves can offer information sessions with their staff about the dangers of phishing and how it has evolved in the last year.
Other fairly economical data security countermeasures could include requesting that employees only share sensitive information or log into their work accounts through closed VPN services or with work-specific devices. Adding the use of multi-factor authentication to any devices or accounts is another robust step that many companies can implement.
Businesses can and should take a layered approach to their company’s security, with widespread email authentication and careful monitoring of communication endpoints.
Getting Help from Trained IT Professionals
Companies, such as Great Lakes Computer Corporation, are staffed by trained professionals who know how to deliver effective, strong managed IT services. Services by Gateway, such as their email security solutions, combine professional expertise with powerful AI monitoring technology to help eliminate phishing techniques such as social engineering attempts and impersonation attacks via carefully disguised false email messages. Contact us and we can help protect your business and your employees easily.