We’ve been catapulted into a digital and virtual world. We all knew it was coming, but the unbelievably rapid transition to a nearly all-virtual world left a few gaps. We have growing pains that we might not have been ready for. For example, how do we stay vigilant about cybersecurity best practices in a work-from-home scenario? And, more specifically, how do we avoid clicking on phishing emails that we receive? How hard can that be, right? Let’s paint a picture.
On an average workday, employees are receiving emails from work, invites to attend online meetings (via a meeting link), potentially receiving emails from school, receiving updates on various online orders (like groceries), attempting to track the status of packages that were ordered, and dealing with regular at-home scenarios (think barking dogs, questions from others either working or attending virtual school). In addition to being pulled in multiple directions, employees are being asked to click on links and open files on a regular basis – this includes links and files from the organization that they work for. But we are still asking them to NOT click on phishing emails and links, and to not download files that may be infected with malware. Yeah, it’s a little confusing and stressful.
In a world where our employees are one of the most important aspects of our cybersecurity plan, why are we putting more stress on them?
Employees Need Support
Clicking on links and downloading files has become common, especially in a work-from-home scenario. In order to help employees in the fight against cyber attacks via phishing emails, organizations need to look inward and determine where they may be creating a click-culture.
Start by looking at how regular communication is handled by the company. Are company-wide emails sent frequently by multiple people on any day and at any time? If the answer is yes, make immediate adjustments. For example, make the shift to sending one company email per week, on a specific day, at a specific time. This type of regularity will signal to employees that the email, and any links or attachments, are safe. If this type of regularity will not work, a broader solution, like Microsoft Teams, may be needed for your organization.
How do collaboration and file sharing take place within your company? If you answered “email,” it may be an opportune time to take a look at cloud-based storage. With cloud-based storage, leaders and employees can collaborate on files and share files with others in a safe, malware-free environment.
And, let’s not forget about cybersecurity training. Training should not stop because employees are working from home. If anything, the frequency of training should increase to keep cybersecurity top-of-mind. But because training will likely take place in an online meeting scenario, consider making the training session a bit more collaborative. For example, encourage employees to bring questions to the meeting, show screenshots of suspect emails to the group, or share an article they read about cybersecurity. Yes, you’ll want to include best practices when it comes to cybersecurity, but yet another talking-head meeting is probably not going to get the point across.
What Are The Best Practices?
There are some basics that we should all be following when it comes to phishing emails and cybersecurity:
- Keep an eye out for typos or content that looks suspicious.
- Really read your emails. Hackers are leveraging social engineering and machine learning to create more realistic phishing emails. Reading emails and questioning their validity go a long way!
- If you receive an email with links, avoid clicking on them. Instead, type the website address directly into a web browser.
- Update your computers and other devices and install patches if requested by your IT department (if they are not already handling this automatically).
- Be suspicious of attachments. If you weren’t expecting it, or it is from an unknown sender at an irregular time, do not open it.
- Be suspicious of links that are texted to you from unknown phone numbers. Avoid clicking on them (even if they indicate they are about an order you placed).
- Leave the security and web filters on your devices in place, and make sure they are up-to-date on your personal devices as well.
- If you believe you received a phishing email, provide it to your IT team. This includes emails that you may have accidentally opened. Make the IT team aware of the potential breach. And, honestly, they will likely figure out who opened it eventually.
Encourage understanding across your organization. Employees are working in atypical environments and are likely juggling more than they have in the past. Keep an eye on their overall workload. This will help ensure they are not getting overworked, and it lets you be understanding if an accidental error occurs.
Your employees are one component of your cybersecurity plan. Rely on them and train them, but also make sure you have back-end IT support in place. You should have an endpoint security solution. A layered approach to cybersecurity will always be the best bet.
If you are in need of a few topics for your upcoming virtual cybersecurity training, we encourage you to check out the Intivix blog. We cover a number of cybersecurity topics every month and include tips that can help organizations and employees stay vigilant.