Remote Security Series: Stay ahead of the phishing attacks that follow COVID-19
In these uncertain times, many companies are allowing employees to work from home more than ever before. Essential personnel onsite at the workplace are kept to a minimum and are offered remote support when issues occur. The scope of remote work is unprecedented and brings up a lot of questions for managers aiming to support their employees.
This series will discuss security testing and consulting options that Raxis offers to help companies work as securely as possible while employees work from home using home wireless services and systems or jump on the company VPN in unprecedented numbers.
Raxis expects a rise in phishing attempts — emails, texts & phone calls — as attackers realize that employees are at home and not as easily able to verify that requests are legitimate.
Let’s start with your VPN itself. It’s likely at least a few of your team members are going to have problems logging on. Though they may be overwhelmed, your help desk workers are inclined to be helpful. Verification is a step that might easily be skipped in a rush to get an exec or senior manager online.
Finance is another point of vulnerability. Say that you receive an email from your boss saying to approve a new vendor payment. Normally your boss would never send that in an email . . . but these are not normal times, and you’re both working from home. You think of giving her a call, but she just told you she’s busy setting up her children’s new online school meeting. Do you approve the request? How are you sure that it’s legitimate?
What if it was a phone request from a customer who is working from home? He’s on his cell phone. Are you sure it’s really him? Should you verify before telling him customer financial information? Sure you should, but you’re out of your normal environment and he sounds really annoyed. What do you do?
And what about your teammates? Your employee texts you and asks for the password to an old system with a shared password. Do you text them back? Do you check the number first? Send it in email?
These are different questions than you ask when you’re in the office and can lean over the cube wall. It pays to make sure all your employees know the answers (or at least ask the questions) before they face them in the real world from home.
Where to start
Raxis has a number of phishing tests that fit these scenarios, and we are happy to work with you to customize a test that fits your needs. We provide a report and a debriefing call to help you educate your employees with real world examples. Whether they pass or fail, it’s an opportunity to safely assess their readiness and reinforce their training.
Take a look at https://raxis.com/social-engineer for more info, and submit the form on the side of the page if you’d like to discuss your specific situation.
As always, Raxis is happy to advise you and work with you to customize a test that meets your needs. If you have concerns, we’d be happy to chat with you about options that work for you.