The novel coronavirus has impacted the world of business in countless ways. But among the biggest challenges has been the relocation of workers. Rather than having everyone clustered in a single office, they’re free to work from home. This confers a number of advantages, but it also creates vulnerabilities which unscrupulous outsiders have been keen to exploit, often with a phishing attack.
A study from Centrify reported that around two thirds of decision-makers expected to come under attack in 2021, and more than half of them expect a growth in cyber-attacks as a result of the latest lockdown measures. A favoured tactic among scammers is to impersonate HMRC. Following a freedom of information request, it was revealed that attacks of this sort have risen by an impressive 73% since the first lockdown in March 2020.
Why are remote workers more vulnerable?
When all of the data you’re working on is contained within a closed network, there’s less opportunity for an unscrupulous third party to intercept it. This is especially so if work is being submitted through email, or via a browser-based interface. A phishing attack operator might create a website which looks the same as the one a worker has been using, with the intent of tricking them into surrendering confidential data.
Computers that are used for personal tasks, like gaming, shopping, and video streaming, are also inherently more vulnerable than specialised work computers with particular limits imposed on what can be installed, and what websites can be visited. This applies especially to workers who are sharing their machines with other members of the household.
Since the amount of data being sent remotely has increased exponentially, so too has the scope for a phishing attack of this kind. This applies especially to users who are using their phones to do business, since the URL being clicked is often hidden.
How can Businesses Cope?
If the workforce isn’t educated about the shape and scope of the threat, then they can’t be expected to deal with it. Providing training on phishing, and issuing regular reminders via online meetings, can often make the difference. Remind everyone to keep their virus definitions updated, and to think twice before clicking on unsolicited links. You might even stress-test your procedures by faking a phishing attack yourself, just to see if any of your workers take the bait.
Of course, it’s impossible to reduce the risk to zero. In some cases, the problem might be out of your hands. For example, if the cloud-based storage solution you’re using falls victim to a ‘watering hole’ attack, then you might find your data compromised through no fault of your own. For this reason, businesses might consider specialised cyber-insurance against digital forms of risk. This will ensure that you’re protected, and that you’ll get a faster payout in the event that you need to make a claim.