At the beginning of 2020, companies could not predict the disruption they were about to experience. With the outbreak of the COVID-19 pandemic, companies scrambled to adjust their infrastructure and technology to keep newly virtual employees connected and productive. Once long-term office closures became inevitable, business leaders had to establish long-term connectivity and security procedures for their virtual employees.
Eighteen months later, with vaccination rates rising and infection rates declining, companies are making plans to reopen their offices. But few companies plan to return to pre-pandemic offices crowded with employees. As companies adapt to changing regulations, determine who can work on a hybrid schedule, and evaluate which roles can remain remote, uncertainty remains. We can be sure that cybercriminals are carefully observing these developments and planning where to attack during the transition period.
Regardless of their physical location, employees will continue to need reliable access to business applications. Cybercriminals will take advantage of this shift. They will determine the best method and time to attack those who are still on the learning curve of a new cloud-based system.
As we reimagine the post-pandemic workplace, we must also re-evaluate email security practices. We must ensure that the network is protected, whether employees work at the company headquarters or at the table.
Changing workplace dynamics
COVID-19 is driving fundamental changes in how and where people work. According to a survey of Fortune 500 executives, before the pandemic, only about 16% of employees were working remotely. After March 2020, this number increased to more than 65%. Many people who previously relied on office computers had to quickly learn to access work applications from home computers, laptops, and tablets.
As offices reopen, the executives surveyed predict that a quarter of employees will choose to work completely remotely. In some fields, such as technology and finance, the proportion of fully remote workers is expected to reach 35% to 40%.
As employees access company resources from a variety of locations and endpoints, IT must anticipate the new vulnerabilities that may arise when deploying a hybrid workforce, and then plan to mitigate the inevitable cyber attacks that follow.
New email threat
Email is the root cause of almost all data breaches. According to the Identity Theft Resource Center, email is the number one threat vector facing organizations. The pandemic has exacerbated the challenge of email security because opportunistic cybercriminals use COVID-related topics to trick people into sharing personal information, financial data, or both.
To launch a successful phishing attack, threat actors usually choose a timely topic and a legitimate-looking appearance to lure the target into a trap. In April 2020, at the beginning of the pandemic, Google’s threat analysis team reported 18 million pandemic-themed attack emails every day. Recently, there has been an increase in email attacks using topics related to the COVID-19 vaccine.
The dramatic increase in COVID-related scams prompted the US government to issue formal warnings. For example, the Centers for Disease Control and Prevention (CDC) warned of a campaign that spoofed its emails. The campaign targeted victims with attachments purportedly describing infection prevention measures. By the end of 2020, even the FBI had issued a statement urging vigilance and caution.
Build a better email security posture
IT and security teams should emphasize to their colleagues that every employee has a responsibility to protect network security and company data. When it comes to minimizing vulnerability to email attacks, a little common sense goes a long way.
Here are five key points that IT and security teams should impress upon employees:
- Don’t open unsolicited emails from people you don’t know.
- Question third-party sources disseminating information about COVID-19.
- Don’t click links in emails.
- Be wary of attachments.
- Do not provide any personal information to anyone via email, especially passwords.
Companies should keep employees informed of the latest strategies and social engineering cues that attackers use to lure them. IT departments can provide contextual education, warn employees when suspicious emails enter the inbox, and allow recipients to mark emails as safe, as long as they come from a trusted entity.
Email is the main source of cyber threats. Therefore, network and data protection starts with each employee’s email inbox. No matter where they are or what device they use to connect to the company network, every employee needs appropriate training and tools to protect their company from phishing and spoofing threats.
As the CEO of IRONSCALES, Eyal Benishti pioneered the development of the world’s first self-learning anti-phishing email security solution, which combines human intelligence and machine learning technology to achieve automatic prevention, detection and autonomy…