The nature of data privacy and email security threats has changed during the Covid-19 pandemic – as cybercriminals have ramped up scams to take advantage of people working from home. The general flow of misinformation and widespread public anxiety has left more businesses and individuals vulnerable to attacks.
Since the first lockdown began in March 2020, 46% of UK employees have been doing some work from home, according to government data from the Office for National Statistics, with 86% of them doing so due to the pandemic.
More than two-thirds (69.6%) of UK professional people worked from home in 2020, in either a full-time or part-time capacity. The highest concentration was in London, where 57% of the working population were based at a home office.
In addition, students switched to remote learning, while even financial institutions had customer advisors and other staff working from home. As a direct result of the widespread and sudden changes in working practices, cybercriminals have tried new techniques to dupe people online.
Data compiled from professionals working in IT and cybersecurity in the UK, the US, and Canada has revealed criminals are using increasingly sophisticated scamming techniques. Read on to find out what the latest threats are and how to combat them.
Since the start of the Covid-19 pandemic, there has been a significant increase in phishing attacks and compromised links. Hackers are increasingly using emails to obtain confidential user information, as scammers imitate trusted sources.
Sophisticated imitations of familiar sources mean the victims are more likely to provide the requested information, such as account login details, to hackers.
To combat phishing attacks, notice any indications of potential scams, such as incorrect grammar or punctuation in the email, the use of generic titles, such as “Dear Sir or Madam”, and requests for information that seem unusual. For example, you may be asked to input your whole password to access a website or account, rather than just specific letters.
With employees working from home, sensitive personal and business information have been increasingly co-mingled, not only via email but also on collaboration tools, such as Microsoft Teams. Unfortunately, this enables more cybercriminals to gain access to confidential information potentially.
Since the start of the lockdown in March 2020, employees report they have inadvertently clicked on three times as many malicious links as in regular times due to corporate and personal data being blurred. In addition, 70% of employees are concerned about the risk posed by archived business conversations.
Spear phishing is more specific than phishing, as it targets a particular individual or organisation. The criminal will have completed thorough research beforehand to ensure emails to the target are free from errors and look as authentic as possible.
A typical example of this is brand spoofing, when a genuine brand’s logo is mimicked in a believable way. Since the pandemic began, a massive 42% of businesses have reported an increase in the misuse of their brand. They have also reported a 47% increase in spoofing by email since March 2020.
As well as the increase in threats to individuals via email and other scams, increased cyber attacks on companies and organisations are forecast. The Cybersecurity and Infrastructure Security Agency has issued a global warning to organisations across all industries to be prepared.
The US federal agency issued the warning amid reports data breaches were continuing to proliferate. Organisations are urged to remain vigilant in protecting both confidential business information and also employee and client personal details.
Businesses are urged to implement best practices and use up-to-date tools and resources in the ongoing fight against cyber criminals to mitigate the risks posed by ransomware. The CISA has stressed the importance of continually implementing and updating anti-crime cyber-strategies.
The UK’s own National Cyber Security Centre warns that even its own professionals have struggled to spot some of the carefully designed spear-phishing attacks against businesses and their employees that are being used today.
While 97% of businesses say they have some email security system in place, only 26% have protection against critical areas such as removing malicious emails already in their inbox and monitoring external email threats.
In addition, only 20% of organisations provide cybersecurity awareness training that is continually updated to meet changing needs. This is a crucial area for improvement, as cyber awareness training enables employees to spot suspicious emails and work out if they are facing an attempted hack.
However, understanding which security software services are needed can be challenging. Choosing an outsourced comprehensive security solution can provide the answers if your own in-house IT services aren’t as effective as they should be.
Select a provider with a proven track record who understands the way your business operates and recognises the security needs of the data you handle. If your security protocols are too weak, they can leave you vulnerable to attacks – but if they are too rigid, they can negatively impact your workflow by being unyielding.
It requires a delicate balance to ensure your needs are met efficiently in a way that benefits your operations rather than hindering them.
At Cara Technology, we provide a fully managed security solution that delivers premium levels of protection, leading to complete peace of mind. To learn more on how to protect your business from the increased risks of cyberattacks, contact us for a free consultation.
Sources:
https://www.ons.gov.uk/employmentandlabourmarket/peopleinwork/employmentandemployeetypes/bulletins/coronavirusandhomeworkingintheuk/april2020
https://blog.icorps.com/state-of-email-security-2021
https://www.cpomagazine.com/data-privacy/data-privacy-top-considerations-for-2021/