
Prevent email phishing attacks this summer with 3 defenses


With the summer break taking employees out of the office, phishing attacks are on the rise. Here are three ways companies can get ready.


With summer upon us, it looks like everyone is on vacation. Just take a quick look at how many OOO (out of office) replies pile up in your inbox.

While the organization needed to adjust to conducting business as usual with 75% of its workforce in place, it is now even more vulnerable to phishing attacks.

In the ever-evolving battle between hackers and organizations, 3.4 billion phishing attacks hit us every day. Each attack is better than the previous one, and the art of deception is advancing rapidly. As summer holidays increase, so do OOO replies, turning summer into Christmas time for hackers. That’s because OOO replies give attackers the information they need to create targeted phishing attacks.

While employees want to stay diligent and not miss emails while away, each OOO reply inadvertently reveals information about the mailbox owner, such as dates, forwarding contacts, alternate email addresses, phone numbers, job title, and maybe even details about the vacation location. Such information is a “hacker’s paradise” because it supplies plenty of detail for crafting personalized, advanced phishing attacks that can hit employees as soon as they return from vacation.


For example, a phishing attack might look like this:

Hi Joe,

Nice to have you back after your vacation. I hope you enjoyed it.

Just wanted to remind you that you need to update your security information.

Click here to complete your process.

Team SOC

The example above is just one of thousands that show how a personalized email can easily persuade employees who haven’t been trained on phishing attacks for some time to click a link that would cause a significant data breach. With today’s average attack cost rising to $14.8 million, up from $3.8 million in 2015, organizations should raise their security awareness, especially in the summer.

3 protective measures for summer

The guidelines below assume that a security awareness program has been run. If employees are trained monthly to detect phishing attacks, the method will prove itself when they return from vacation and screen their inboxes.

Provide staff with guidance on what to write and what not to include in an OOO notice

Information shared in OOO responses can increase the likelihood of personalized phishing attacks. Therefore, create OOO response content policies and guidelines.

While each organization implements its own set of policies when it comes to cyber hygiene, we recommend that OOO replies not include personally identifiable email addresses, phone numbers or the names of forwarding contacts. If you need to use email forwarding, consider using a dedicated mailbox address that can be disabled shortly thereafter. Do not state the reason for the OOO or the trip location. Keep it short. Keep it safe.
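The content rules above can be checked mechanically before an auto-reply is switched on. The following Python check is an added example, not part of the original article; the rule patterns, the 40-word limit and the `ooo-cover@example.com` cover mailbox are assumptions chosen for illustration.

```python
import re

# Patterns for details the guidance above says to keep out of an OOO reply.
# Rule names, keywords and limits are illustrative assumptions.
RULES = {
    "email_address": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "phone_number": re.compile(r"(?<!\w)\+?\d[\d\s().-]{7,}\d"),
    "forwarding_contact": re.compile(
        r"\b(?:contact|reach out to|forward(?:ed|ing)? to)\s+"
        r"(?:my\s+\w+\s+)?[A-Z][a-z]+\s+[A-Z][a-z]+"),
    "reason_or_location": re.compile(
        r"\b(?:vacation|holiday|honeymoon|sick leave|surgery|"
        r"conference|trip to|travell?ing (?:to|in))\b", re.I),
}
MAX_WORDS = 40  # assumed ceiling for "keep it short"


def lint_ooo(text, allowed_mailboxes=()):
    """Return (rule, matched_text) findings for one auto-reply body."""
    allowed = {a.lower() for a in allowed_mailboxes}
    findings = []
    for rule, pattern in RULES.items():
        for match in pattern.finditer(text):
            value = match.group(0)
            # A dedicated, disposable cover mailbox is the one address allowed.
            if rule == "email_address" and value.lower() in allowed:
                continue
            # Fewer than 9 digits is more likely a date than a phone number.
            if rule == "phone_number" and sum(c.isdigit() for c in value) < 9:
                continue
            findings.append((rule, value))
    words = len(text.split())
    if words > MAX_WORDS:
        findings.append(("too_long", f"{words} words"))
    return findings


# Constructed sample replies (not real people, numbers or addresses).
ALLOWED = ("ooo-cover@example.com",)
RISKY = ("Hi, I am on vacation in Lisbon until 15 August. For urgent matters "
         "contact my manager Dana Levi at dana.levi@example.com "
         "or call my mobile +1 (555) 010-0199.")
SAFE = ("I am currently out of office. For urgent matters, "
        "write to ooo-cover@example.com.")

if __name__ == "__main__":
    for label, body in (("RISKY", RISKY), ("SAFE", SAFE)):
        print(label, lint_ooo(body, ALLOWED))
```

The keyword rule catches a stated reason such as "vacation" but not a bare place name, so a flagged reply still deserves a human read before it goes live.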

Provide employees with a summer guide to company device security

Employees traveling abroad, especially on an extended vacation, may bring laptops or other company devices with them. Laptops can be stolen or left in a random coffee shop, and even without that risk, the less controlled working conditions expose employees to unprotected public Wi-Fi networks more than usual, with a higher-than-usual chance of being infected with malware.


We recommend that you provide employees, just before travel, with your policies on laptop security, the use of public Wi-Fi, which systems can be accessed over public Wi-Fi, and how to check email on non-personal devices.

Install anti-phishing software

To ease the burden of fraud detection on employees, anti-phishing software can help. This software checks the content of emails, web pages and other ways of accessing data through the internet and then warns the user about the threat. This safety net can also block potential phishing emails before they reach a person’s inbox.

Why is it important to run a monthly phishing simulation?

Running phishing simulations continuously, at least once per month, provides invaluable hands-on experience for learning and maintaining good online habits.

Phishing simulations, especially personalized ones, teach employees how to respond to phishing attacks through real-world practice, allowing for better retention. Such awareness training programs are most effective when they are frequent and focused on the threats employees are most likely to face based on their job role, department or position.

Organizations that train their staff before the holidays can rest assured that this knowledge will be kept throughout the summer.

When facing hackers, we should not forget that they are improving day by day. Only consistent training for your employees is the key to keeping your organization safe.

Omer Taran, CTO and Co-Founder of CybeReady

Omer Taran is the Co-Founder and CTO of CybeReady. As a co-founder, Omer serves as the company’s technologist. His vision for CybeReady motivated him to build a product roadmap serving a wide range of enterprise customers by combining learning best practices with innovation. He is known for bringing ideas to life quickly and accurately. Omer’s amazing techniques are only matched by his ability to play with words.


