Don’t let phishing ruin the festive season: how to protect against attacks

You better watch out, you better not cry, you better not pout, we’re telling you why; cyber security is available to protect your business from online attacks.

We have come a long way since Home Alone warned us about the perils of criminal activity at Christmas time, as modern theft attempts now take place in the digital world. And as employees have been working from home in their masses during the Covid-19 pandemic, there’s little risk of individuals needing to guard their house Kevin McCallister-style. Instead, businesses need to be extra vigilant over their online properties.

Eight months after the pandemic was declared, remote working has been normalised. However, it has also presented an issue that companies must keep in mind: an increased risk of phishing attacks, as devices are used for both professional and personal activities. Over this festive period, that is even more of a consideration for leaders, with an influx of online deals and email marketing campaigns reaching people ready for online Christmas shopping.

Here are four ways you can keep your business and employees safe this phishmas:

1. Do they know it’s CASB time?

Like Father Christmas’ sleigh on Christmas Eve, cloud adoption has soared during the pandemic to support remote working and the shift from fixed on-site networks. The ease of cloud applications in a remote working world, though, is a double-edged sword.

As cloud take-up has risen, cyber-attacks have also grown by a staggering 50%, which demonstrates just how alert cyber criminals are to this ripe opportunity for online infiltration.

According to our research, 10% of security professionals claim that moving to the cloud has worsened company security, so it’s essential the right measures are in place.

First off, companies should conduct a risk assessment to calculate where any weaknesses may be. Plugging any security gaps is essential to keeping your company and employees safe. The next step is to implement an overall, best-in-class cloud security solution that can cover any security pitfalls that might arise from these easy-to-use applications. A CASB solution works best here and can help a company detect, examine, protect and control user behaviour and engagement with cloud applications.

This support is the first step that should be taken for mobile workforce protection this festive season.

2. Jingle BEC rock

In addition to a rise in cloud usage, companies and their teams should be aware that the remote working boom has brought on an increase in phishing scams, such as Business Email Compromise (BEC). Email is, after all, still the lifeline of any business and so is a cyber-criminal’s number one port of call.

BEC attacks take the shape of emails that look legitimate and as if they’re from a trusted contact or organisation but are, in fact, from a cyber-criminal that seeks to acquire either money, or sensitive information in hope of it leading to a payday.

In the three years leading up to summer of 2019, hackers secured $26bn through BEC attacks, according to FBI estimates. This is as much a technology issue as it is a people one, so teams should regularly be brought up to speed on what to look for.

However, businesses should not rely on employees alone to manage cyber security. Businesses need to bolster security with a layered email security solution that includes tools such as algorithmic analysis to block phishing emails, and real-time link scanning to automatically identify and highlight malicious links before any unsuspecting team members have the chance to reach a malicious destination.

3. It’s the multi-factor authentication time of the year

With practically every aspect of working life revolving around logging in, multi-factor authentication (MFA) is a powerful tool to keep imposters out of user accounts, protect data and prevent onward attacks by infiltrators.

An adaptive MFA solution is able to recognise any out-of-character activity and only challenge the user then, to avoid excess friction. For example, if a criminal is attempting to access your account from an unknown device, strange location or at a bizarre time, MFA can kick in and recognise immediately that something phishy is going on.

From there, the genuine account user will be notified and provided with another layer of security generated in real-time, such as a one-time passcode, to authenticate their identity, rather than just relying on the password, which the hacker may have captured or found on the dark web.
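The step-up decision described in this section, shown as an added example in Python; it is not code from this article or from any vendor product. The profile schema, signal names, function names and sample logins are hypothetical and constructed for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Profile:
    """What is 'in character' for one user (hypothetical schema)."""
    devices: set
    countries: set
    usual_hours: range  # local hours in which the user normally signs in

@dataclass
class Login:
    device_id: str
    country: str
    when: datetime

def risk_signals(profile, login):
    """Return the out-of-character signals named in the text above."""
    checks = {
        "unknown_device": login.device_id not in profile.devices,
        "unusual_location": login.country not in profile.countries,
        "unusual_time": login.when.hour not in profile.usual_hours,
    }
    return [name for name, hit in checks.items() if hit]

class StepUp:
    """Issues and verifies one-time passcodes for challenged logins."""
    def __init__(self):
        self._pending = {}
    def issue(self, user):
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random
        self._pending[user] = code
        return code  # delivered out of band to the genuine account user
    def verify(self, user, submitted):
        expected = self._pending.pop(user, None)  # consumed on any attempt
        return expected is not None and hmac.compare_digest(expected.encode(), submitted.encode())

def authenticate(profile, login, password_ok):
    """A correct password alone is enough only when nothing is out of character."""
    if not password_ok:
        return "deny"
    return "challenge" if risk_signals(profile, login) else "allow"

# Constructed sample data: one known user, one usual and one odd login.
ALICE = Profile({"laptop-01"}, {"GB"}, range(7, 20))
USUAL = Login("laptop-01", "GB", datetime(2020, 12, 14, 9, 30))
ODD = Login("unknown-phone", "GB", datetime(2020, 12, 14, 3, 5))
```

Because `verify` consumes the pending code on every attempt, a wrong guess forces a fresh challenge rather than allowing repeated guesses against the same six digits.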

4. WhatsApp Wonderland

Our previous survey of 1,000 adults found 46% embark on questionable processes that run the risk of leaking company information. While visiting adult sites on work devices was one of the more eyebrow-raising findings, the fact that 22% of respondents have shared documentation over services like WhatsApp is also cause for concern.

With over two billion users globally and 65 billion messages sent daily, WhatsApp is a hive of sharing and communication. Its popularity and ubiquity have brought about a trend known as wishing (WhatsApp phishing), not too dissimilar from the BEC approach. The problem now is that employees are using their work devices for personal tasks – such as running WhatsApp on their web browser and using it for business conversations.

Cybercriminals will put in a seemingly official work-related request to a user, either for paperwork or transfer of funds, in an attempt to execute the attack. Facebook Messenger and other social apps running through the web browser also run the risk of being used as the stage for such performances.

A CASB combined with Web Security can provide support here to shield against communication-based risks in web and cloud apps, providing protection seamlessly as users switch between the two.

By considering all of these elements, your organisation should be on the right track for a Merry Christmas rather than a scary phishmas.
