Organizations Need To Be Wary Of Home Worker Phishing Risks

homeofficeSecurity experts warn that phishing attacks against home workers will rise.

Last week the Department of Homeland Security issued a warning that many organizations prepare for possible impacts of Coronavirus Disease 2019 (COVID-19),  and consider alternate workplace options for their employees.

Remote work options—or WFH for short—often require an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology (IT) network. The Infrastructure Security Agency (CISA) encouraged organizations to adopt a heightened state of cybersecurity.  They also specifically noted:

  • Malicious cyber actors may increase phishing emails targeting teleworkers to steal their usernames and passwords.

Since that warning, many companies and organizations are now requiring their employees to work from home.

We’ve never seen this many workers conducting company business simultaneously from their homes. It’s truly an historic event that will require adaptations to our lives and normal routines. We may be managing our children who are off from school, living in a more packed or noisy home with interruptions. Many will be feeling anxiety about the crisis or experiencing financial stress.  Those living alone may feel even more isolated.  Organizations are finding themselves moving their work forces almost overnight to virtual work environments along with the monumental security and IT challenges. 

Working from home, users will need to maintain a measure of normalcy in business and social lives, even while many facets of life are changing all around us every day.  

And guess who are poised to take advantage of this confusion? The bad guys are drooling.

Why? Disruption increases the effectiveness of social engineering triggers which undermine the human reactive mode if we don’t take necessary precautions like preparing through New School Security Awareness Training.

Phishing uses tried and true social engineering tricks which rely on intrinsic basic human weaknesses. Our brains are hard wired to respond to urgency without proper training. Turning this weakness into an advantage is a central tactic in the bad guys' social engineering toolkit and is key to their success in "hacking the human."  It’s pretty easy to predict the bad guys will go after all of them.  Coronavirus scams are a good place to start.

...According to a recent FastCompany article, experts say that cybercrooks are at this very moment devising ways of taking advantage of millions of employees transitioning to work-from-home situations. They know that employees will be connecting to their companies’ servers and other resources in a very different way. They are also aware that many employees will be doing their work on computers normally used for personal affairs, and that other workers will rely more on their mobile devices in the absence of a work computer."

If we work from home (without preparation and a focused level of security awareness and cyber security culture), the home workplace lends itself to many security weaknesses. Some of these are hardware and other are human factors.  Add to that, the potential of numerous interruptions, a lack of focus/attention, and the urgency to respond to multiple distractions. 

When we mix home and office without boundaries, we have to juggle business priorities and professional communication along with ongoing home activities. Disruption of the OODA (observe, orient, decide, act) loop and disruption of routine.  The bad guys couldn’t ask for a better target audience to ply their tradecraft on. I think you've got the picture. It's ugly.

During this transition, employers will be relaying instructions to their workforce on how to work from home as this is new territory for many companies with no prior work for home policies. Federal workers, CEO’s and C-Suite will all attempt to adjust to the rapid migration of normal workflow practices, as they will become social engineering targets.

To help with this problem, we’ve created a webinar to help navigate through this transition and keep you safely work at home!  Webinar Link:

Get Your Customized Automated Security Awareness Program, ASAP!

Many IT pros don’t exactly know where to start when it comes to creating a security awareness program that will work for their organization.

We’ve taken away all the guesswork with our Automated Security Awareness Program (ASAP).

ASAP is a revolutionary tool for IT professionals, which allows you to create a customized Security Awareness Program for your organization that will show you all the steps needed to create a fully mature training program in just a few minutes!

asap-monitor-1Here's how it works:

  • Answer seven questions about your organization’s goals, compliance needs, and culture
  • ASAP recommends suggested training content based on your answers
  • See a detailed calendar with a customized task lisk to get your program started
  • Easily export detailed and executive summary PDF versions of your program
  • Get a fully mature awareness program ready in 5 minutes

Get Started Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews