An Open Letter To: Companies whose corporate workers now work from home #remoteworkers
During this #coronavirus crisis, both in the news and in reality – digital fraud is happening on a much larger scale then usual. We are seeing FIVE TIMES more digital fraud, in business e mail compromise (BEC), malware and ransomware attacks. Hackers are having a field day.
Demonstrating the evolving sophistication, the American FBI has pointed to Business Email Compromise (BEC), with one of the most recent involving scammers not mimicking suppliers or corporate executives, but a company’s own CEO to steal funds from the payroll department. “Now, the actors involved are a lot more sophisticated and share intelligence and organized networks,” said Michael Driscoll, who is the special agent in charge of cyber-and-counterintelligence at the FBI’s New York unit.
DLA Piper Law Firm partner Edward McAndrew told Wall Street Journal that criminals will hack into a company’s email server and identify which executives’ email addresses they can spoof to trick unsuspecting employees. “This is no longer a situation where some person who wasn’t paying close attention got duped,” he said.
The shift to working at home has happened almost overnight. Companies are trying to ensure the continuity of their business, and have not planned ahead for the time when employees will be working completely off-site and are just not set up for it. Consider that every time an employee connects to their corporate network from home, they’re creating access points for hackers to exploit. This can happen multiple times on a single network overnight, coinciding with orders for regional lockdowns. How reasonable is it really to ensure that every connection is secure?
The sheer scale of people working remotely has provided a broad playground for hackers to exploit, both in type and scale of attack. Hackers are constantly improving their attacks — sending phishing emails that claim to be about the coronavirus or claim to be from a trusted health agency — to leverage fear of the global pandemic. Hackers acting as imposters being the local health authority or WHO using Coronavirus in Phishing Attacks
The stream of cyberscams and hacking attempts related to the virus, according to Michael Daniel, president and chief executive officer of the Cyber Threat Alliance, an intelligence sharing nonprofit organization. “It’s really quite amazing how rapidly the bad guys have moved into that area.”
Some tips that we believe that employees can do to improve the situation is by regularly updating passwords and using paid virtual private networks and multi-factor authentication. We recommend keeping children off your personal computer, if you use it for work, because they could download games or other material infected with malware. Take extra care to verify messages for payment, and who they originate from.
TCSS’ mission is to support our clients to reduce their business risks by continuously enhancing their Cyber Security Posture in order to minimize their exposure to attacks. We offer a broad range of services and automated solutions to help our customers to assess and reduce their risks while supporting their day-to-day operations and their incident response in an environment with few resources. Our aim is to go beyond the basics of Cyber Security and to support our clients adopting more advanced defenses like Threat Intelligence, IOT and OT security, automated threat hunting and pen testing. Our offices are located in Austria, Germany, Serbia and Israel.