24 October 2023 | By Shaun Farrow
MFA fatigue, AiTM phishing, data extortion — cyber threats are on the rise and evolving daily. How can your business protect itself in this ever-changing landscape?Read more
1 April 2020 | By Chris Thomas
As the ultimate opportunists, they use the latest headlines around Covid-19 as clickbait, preying on intrigue, fear and uncertainty to gain access to corporate networks, potentially leading to compromised personal and company data and financial loss.
In recent weeks, there has been an enormous rise in malicious emails related to the current pandemic. Mimecast has reported nearly 24 million coronavirus-related phishing email attacks leading up to March 231, equating to 16% of its total emails scanned during that time. Cybercriminals have sent emails in the guise of various groups to trick people into clicking their malicious links. Examples include emails from the World Health Organisation giving advice on how to avoid the virus, texts from ‘HMRC’ offering tax refunds, and even communications masquerading as being from employees’ own HR departments. Vigilance is a prerequisite when protecting your business, so being on top of your security now is more important than ever.
As businesses settle into a new way of working, cyber criminals are looking to take advantage of remote workers while they are away from their usual environment. Even though employees may have knowledge of security policies, reinforcing awareness at this difficult time is the key to safeguarding your business. For example, emails containing multiple spelling and grammatical errors, unusual attachments and click-through links, and threats or statements with a panicked sense of urgency are all tell-tale signs of a phishing email2.
So, how can you improve the protection of your business from these malicious attacks at this time? Here are some key considerations:
1. Educate your employees
While many will understand the dangers of cyber crime, it’s important to make employees aware of the potential threats and urge them to report anything suspicious. Remind your employees not to click on links or open any attachments. Cyber criminals can be creative and very convincing, so if in doubt, do not open!
Also, when sharing internal communications, think about setting up an intranet and diverting staff to one place for all news and updates. This will eradicate the possibility of an employee believing that a scam is a genuine HR or other internal email.
2. Update all devices
Ensure all your company devices have the latest security updates, including antivirus and anti-malware services. Keeping software up to date will ensure any vulnerabilities are patched, leaving your systems as secure as possible.
3. Use a reputable mail protection service
These services will help to protect your business from both internal and external threats. For example, since the coronavirus outbreak, Mimecast has reported blocking 5,000 URLs a day related to Covid-19 — 37 times more than those blocked in January. And as well as ongoing monitoring and scanning, these services rewrite clickable links, scanning them at the point of clicking to provide businesses with real-time protection from attacks.
4. Enable Multi-Factor Authentication (MFA) where possible
A single password is simply not enough protection from the world of cyber criminals. Most applications now enable MFA and according to Microsoft, MFA can block over 99.9% of account compromise attacks3.
The National Cyber Security Centre (NCSC) is taking measures to reduce and remove malicious sites and continues to urge people to follow online security guidance. However, if you do fall victim to a phishing attack, it’s important to report this to Action Fraud. To keep up to date with the latest cyber security news, visit www.ncsc.gov.uk where you’ll find weekly threat reports.
Finally, while businesses are being urged to increase security awareness during this period, it should always be an essential part of your IT strategy. For support and guidance with your security and IT needs, call our expert team on 03330 11 22 55.
1 Mimecast, ‘Coronavirus phishing attacks speed up globally’, 2020
2 NCSC, ‘Our guide on spotting and dealing with phishing emails’, 2020
3 Microsoft, ‘One simple action you can take to prevent 99.9 percent of attacks on your accounts’, 2019