The COVID 19 pandemic has created new opportunities for scammers to target victims. The increase in employees working from home, often from their personal computers, has allowed scammers to find new weak links they can use to steal data. Employees working from home often have poor technological infrastructure and insufficient cyber and data security compared to what is provided at their office.
Employees need to access webpages and will often save the company passwords to their browser or device. Storing passwords insecurely or accessing the internet without virus and malware protection gives scammers an easy opportunity to hack.
“It only takes one employee clicking on a phishing link to compromise the entire company” says the cyber security consultants at Managed IT Experts, “Educating employees who are working from home on fraud and scam prevention, and providing them with the necessary software to stay safe, is crucial”.
Businesses need to take precautions in order to maintain their data’s security. Cyber scammers are finding it easier to prey on victims as their home becomes their workplace. Employees using their personal devices and merging their daily tasks with their work day means it is likely they could fall for a scam that pose as legitimate services like package tracking or account recovery.
Scammers are impersonating trusted brands and government organisations to infiltrate companies and compromise their data. Employees working from home only need to click on the attached link of a phishing e-communication and their data will be exposed and their device will be compromised. Employees working from home from their personal devices has shifted the risk for companies from data hacks and breaches of company servers to small scale breaches of employees devices.
“SMS scams alone have skyrocketed since the beginning of the pandemic with Australians losing A$5,889,596 to cyber criminals” says Sydney wealth creation consultancy firm BMA Consulting, “SMS scams are extremely easy to fall for with many using phone numbers that look like Australian mobile numbers and others posing as reputable companies like Australia Post”.
Most of the scam messages prompt users to click a link, often duping them into thinking it is a link to track a lost package or secure an account. When targets click a link it allows scammers to obtain sensitive information from the user and often results in huge amounts of money being stolen.
A lot of employees use their personal phones when working from home so ensuring employees can identify and delete these text messages is important to protect any company data, emails or logins they may have on their phone.
“Since the beginning of the COVID-19 crisis, a fifth of all employees have noticed an increase in fraudulent emails, spam and phishing attempts in their corporate email” states the fraud prevention experts from Acceleon “In 2019, at least 87% of companies had experienced a phishing attack and 12% of companies had experienced over 100 in one year”.
A study found successful phishing attacks resulted in lost data for 60% of corporations. 52% of companies had accounts and credentials compromised, 47% were infected with ransomware and financial losses were experienced by 18%.
As the digital economy advances, cyber threats are outrunning most organisations’ abilities to manage them. Personal information of employees, corporate data, customer information, intellectual property, and critical infrastructure are all at risk..
There are several ways that businesses can optimise their processes to protect their data and keep their customers and employees information safe. Here are some basic steps companies should consider implementing for any employees working from home:
- Staff should be made aware of cyber security concerns and educated on how to identify them.
- Employees should receive training on how to handle sensitive data, with a particular emphasis on the company’s code of conduct and related regulations.
- Software that safeguards data and protects against cyber attacks, ransomware and malware should be installed on all devices used by employees.
- Secure password storage tools like LastPass should be used instead of saving passwords to browsers.
- Cloud-based storage should be utilised to store sensitive data.
- Regular security monitoring should be performed by cyber security professionals to ensure that issues can be identified and repaired promptly.
- An evaluation of the time it would take for your company to recover from a large-scale cyber attack should be completed and an action plan should be put in place to ensure the company can swiftly restore, protect and secure their IT infrastructure in the event of an attack.
- Services and companies you are sharing sensitive data with or receiving cyber security from should be thoroughly vetted. Ineffective processes in partner companies can result in your information being compromised indirectly.
Only by implementing these precautions will organisations be able to ensure the flow of data between the company and the employees working from home is secured. By doing this companies will reduce the risk of home office setups becoming gateways for cyber crime.