Following on from the Prime Ministers’ latest advice, for those of us who can work from home, it appears as though we will be doing so for some time to come. As a result, we wanted to provide a brief update on the cyber threat landscape and detail some practical steps you can take to safeguard your business whilst working remotely.
The FortiGuard Security Operations Centre (SOC) recently reported a 131% year on year increase in viruses from March 2019 to 2020. The driver for the increase was malware and viruses targeting people using the cover of the COVID-19 pandemic. Cybercriminals are playing on the fears of the population and using this subject to further their criminal activities. So much like in the physical world, following the governments’ advice to Stay Alert has never been more important.
What can you do?
One of the most popular payload mechanisms for cybercriminals is email. Many of you will already have Email Security solutions in place to intercept malware before it reaches your email system. However, none of these solutions offer complete protection. All the cybercriminals need is 0.01% of their emails to evade detection – so it’s a constant arms race to ensure that definitions are produced to catch the malware before it reaches your inbox. However, the reality is that some of these emails will evade detection, which makes you and your colleagues the last line of defence. Here are some tips for identifying phishing emails:
1) Check the underlying Senders address – Even if you recognise the name of the sender, check the underlying email address. It’s common for Cyber Criminals to masquerade as a “trusted contact”. When hitting the reply button on an email – the full underlying email address will be displayed – always check this.
2) Check URLs – If an email contains a URL, hover your cursor over that URL and the underlying link will be revealed – often it’s not taking you to the website you may think.
3) Zero Trust – Operate with the mindset that emails are inherently insecure. As an example – If you receive an email from a colleague with an attachment you do not recognise or were not expecting – phone them to ensure they sent it.
4) Credentials – Before entering your credentials into any website – check the underlying URL in the browser. Also, ensure the website is protected via https – most browsers will display a lock symbol in the top left-hand corner.
5) If in any doubt….ask – As an IT Managed Service Provider, we much prefer checking false positives than dealing with a breach, so please if in any doubt – ask your IT team, it’s better to be safe than sorry.
The levels of cyber-attacks are increasing all of the time, it’s therefore vital to Stay Alert and follow the guidance above to help keep your data secure.