Phishing Attacks in 2021 Trending Due To Pandemic


Hackers have made some nefarious choices over the past several months, many of which involve using the COVID-19 pandemic to spread their influence and steal data through phishing attacks. Let’s explore how these cybercriminals have leveraged a global disaster to their benefit and some ways that you can keep your business secure.

According to SecureList, spam and phishing trends in Q1 of 2021 were heavily influenced by the COVID-19 pandemic, and not in a good way. Here are a few examples of the major threats that surfaced during this time.

Stimulus Payment Scandals

Early 2021 saw many initiatives by government agencies to ease the financial burden placed on individuals and businesses. This was done through the use of economic impact payments and business bailouts. Hackers, of course, wanted to capitalize on this and began using phishing messages to trick people. Targets received messaging that was often specific to their bank and used branding similar to that of official websites. These efforts were all elaborate tricks to convince users to hand over their credentials. Unsuspecting users would enter their credentials into forms on these fake websites and put their sensitive information at risk.

The Vaccine Race

Back when the COVID-19 vaccine was in short supply or the supply itself was limited to specific groups of people, there was a bit of a race to get to it. This rush created an opportunity for hackers to capitalize on people’s desire for security and safety. Thus, they leveraged phishing schemes that used the vaccine to their advantage. They would use the language and branding of official health organizations to convince users to click on links in emails. Then, they would redirect users to fake websites for harvesting credentials or banking information. Even those who got the vaccine received surveys offering free goods in exchange for information.

What You Can Do

It’s no surprise that cybercriminals are using these tricks to subvert security measures. These types of attacks are simply the latest in a long string of phishing attacks that you must keep up with in order to maintain network security. Here are a couple of ways that you can make this happen.

  • Utilize Spam Protection: While they aren’t 100 percent effective all the time, spam filters are great for keeping threats out of your inbox. The most advanced phishing attacks could still make their way into your inbox. Therefore, we recommend taking multiple measures of network security.
  • Train Your Employees: If messages do make it past your spam filter, you will want those who are reading the messages—your employees—to be able to identify the threat and avoid it at all costs. This is where training comes in.
  • Implement Unified Threat Management: Unfortunately, even the best employees will make mistakes, so you will want to have a contingency plan in place for when accidents happen. A UTM gives you just that with a single all-in-one security solution for your network security.

4Corner IT can help your business approach network security in a responsible manner, implementing the best solutions and constantly testing your employees’ awareness of important security practices. To learn more about how we can help you protect your business, reach out to us at (954) 474-2204.

Reopening Your Organization: Key Steps to Take


While many states have at least partially opened, it remains to be seen whether they will continue at a steady pace toward an eventual full reopening or, conversely, decide to pull back for a time. In other words, recovering from a world-wide pandemic seems to be a process of two steps forward and one step backward. Thankfully, many organizations have employed creative and innovative methods to keep their doors open as much as possible, all while protecting both employees and the clients they serve.

For those who may have gotten off to a shaky start, we will provide some helpful tips on how to make reopening your organization as smooth as possible.

Employee Safety First

While customers may come and go as they like, employees are obligated to remain in the workspaces their employer provides. Of course, organizations must follow government guidelines. These define how many people are allowed within a building at the same time. Employers may need to expand the distance between employee workstations, whether employees spend most of their time sitting or standing. It’s also a good idea to keep up with the latest information regarding PPE (personal protective equipment), which allows you to determine whether employees have the correct instructions on how to wear their various forms of protection.

Stay Flexible When Reopening Your Organization

Many companies allowed their employees to work remotely right from the beginning of the pandemic. However, some have found they need at least some of their employees to work within their physical buildings. Still, some employees may have pre-existing health conditions that put them at a higher risk. Additionally, they could have a family member who is in a high-risk group.

In a normal world, it may be advantageous to have these people back in the office. However, if they do get sick, it will add an extra burden to their physical and mental health. Also, at best, they’ll still be required to quarantine for a two-week period. Now is the time to remain flexible. You must also realize it might not be possible to have the entire company operating as effectively as it could. 

Reassure the Public 

Let customers, vendors, and other company staff members with whom your organization regularly comes in contact know that you are making every effort to honor their health and safety as well. This may include sending out a corporate email outlining all the steps your organization is taking to ensure that their interaction with your employees remains a safe, positive experience.

If an organization has a physical building that customers or vendors will enter, let them know what you are doing to ensure their safety as well as your expectations of them, by posting a sign on the door which they can read prior to entering. Some organizations may want to include some details about their safety practices in their corporate phone greeting. Others may want to inform the public by way of an advertisement shown on TV or through a radio commercial.

Reevaluate Corporate Technology Security

Many organizations have employees working in entirely different settings than they did before the pandemic. This could mean the new settings open them up to additional security risks as they use technology devices and software apps in a way they never did before. For employees in a remote work environment, organizations need to consider who in the environment may potentially have access to confidential information and/or computer equipment, including logins used for various apps. 

All the different ways in which employees now use corporate computer equipment and software applications must be reevaluated to ensure that a company’s technology system as a whole remains safe and secure.

If you would like to know more about how to successfully navigate reopening your organization after the pandemic, please contact us.

Documenting An Information Security Policy During the Pandemic


The work environment that many organizations have today looks entirely different from the working environment they had pre-pandemic. Thousands of organizations now have their employees scattered throughout large geographical regions in environments that are not under the employer’s direct control. While the option to work remotely has saved many a company from going bankrupt, it also vastly changed both the physical and technological environment in which staff members work. While outwardly many organizations seem to be working from home fairly successfully, it is possible that their official information security policy looks exactly as it did before the pandemic, if they even had one at all. That is why documenting an information security policy during the pandemic is so important.

Starting Anew

Whether an organization had a previous ISP (information security policy) or whether they now realize they should draft one, the steps they must take to create one will likely be fairly similar since the working environment has changed for so many companies. The first step in drafting an ISP is to consider the scope of one’s business. Some organizations may interact with many vendors and/or suppliers, or they may only have a few. Other organizations have large customer or employee bases, or some combination thereof. Whatever the scope, companies must consider all the different components that could be affected by their new information security policy.

The next step is to set objectives in order to establish the overall direction of the policy, including factors such as legal, regulatory, business, and contractual security requirements. As those in charge of creating the policy gather information about the company’s operations, they must consider the structure of their risk assessment as it relates to the area they are evaluating, as well as use appropriate criteria in order to properly evaluate security risks.  

Drafting the Policy

While each organization’s ISP will be unique, there are a few standard points that most businesses will likely put in their specific policy. These items include enforcing a password policy where users must meet certain requirements such as password length, the type of characters required, and how often the password must be changed.

Other key points will likely include the requirements for handling data from third parties, employees, and customers, along with establishing guidelines that outline what employees can and can’t do, with regard to actions such as internet usage and accessing controls. Some organizations may want to take their information security policy one step further by ensuring their new policy adheres to certification programs that pertain to their particular type of industry, or technological certifications.

Who, Where, What, Why 

A finalized information security policy may not be that lengthy. In fact, a company’s ISP may not be longer than a page or two. However, it will answer some essential questions, such as who issued the policy (meaning it is under their authority). Other questions the policy will answer include where the policy applies, such as specific departments and/or locations, what the overall goal of the policy is, and which company-specific security issues it addresses.

Lastly, it will also answer the question as to why a new policy was needed. In most cases, this will be a statement discussing how the ISP will help ensure that a business continues to protect their sensitive data while operating under a new working environment. In addition, the new ISP is intended to safeguard the continuity of the organization, while maximizing their ROI.

Summary

The world-wide pandemic forced many businesses to make drastic changes in the way they conduct their business practices, including how they secure their corporate data, along with their hardware and software resources. Although creating an ISP for their new way of operations may represent a challenge during this time of uncertainty and upheaval, informing employees how to safely navigate through their new circumstances is essential for a successful future beyond the pandemic. If you would like more information on how to create a corporate ISP for your new working environment, please contact us.