As the Coronavirus outbreak forces users to work from home, organisations are now faced with tackling the cyber security challenges around widespread remote working.
The two biggest challenges are the rise in Coronavirus-related phishing email attacks and users connecting via VPN using personal devices, so let’s take each one in turn.
Challenge 1: Coronavirus phishing attacks
As with any major incident, cyber criminals will look to take advantage of fear, uncertainty and doubt. The Coronavirus outbreak is no different.
Over the last few weeks, we’ve seen an increase in the number of phishing emails enticing users to enter their Office365 credentials in order to view the latest information, cure or tax refunds.
The difference with these latest threats is they’re focussing on users working from home. Cyber criminals are counting on these users being more susceptible, as they’re adjusting to new work routines and may be less vigilant when it comes to recognising phishing emails.
How your organisation can protect users
You can protect users by employing various cyber security strategies including:
- Multi-Factor Authentication
- Email filtering with URL protection
- Modern browsers
- Phishing education tests
Another simple measure is to customise your Office365 subscription login page. Whilst simple to replicate, most cyber criminals will have a generic login page, so your users will quickly be able to identify whether they are on your organisation’s login page.
It’s also important to continue educating users – below are some messages to share, so users can protect themselves and your organisation.
Messages to users: what to look out for
- Instructions on how to login to Office365. Logging into Office365 is no different when you’re working from home. You should see the message - Taking you to your organisation’s login page – after which you are prompted for your email and password.
- The domain in the address bar of your browser. It should be the same as organisation’s domain. Look out for slight modifications such as Node4co.uk instead of Node4.co.uk.
- Emails with a link which then asks for a login. In order to read the email in first instance, you’re already logged in and therefore will not be asked again.
- Emails from a colleague. Cyber criminals posing as your colleagues may ask you to validate that they are logging on to the right page.
What to do if you suspect breach
If you have entered your details and suspect wrongdoing, then contact your IT team immediately and explain what has happened. This will allow them to reset your password.
If you suspect your account has already been breached:
- Check your inbox rules. A tactic of the cyber criminal is to create inbox rules which prevent you from seeing incoming messages.
- Check sent items for emails which you did not send. Again, if you suspect wrongdoing then contact your IT team immediately.
Challenge 2: Personal devices on VPNs
Users may be connecting via VPN from home with their own devices to access applications within your organisation’s network. You should consider this device unsafe, as it falls outside of your control and may not have up-to-date anti-virus software. It poses the risk of a virus spreading to other devices within your network.
If you’re concerned that this may be happening within your organisation, ask users to install a new anti-virus product like ESET. Node4 can provide a free 30-day trial of ESET, so if you’d like to try it, please get in touch.
As experts in securing business operations, data and information, we’re here to help during these testing times, so please do not hesitate to contact us should you require any assistance.